What's New in Apache Ranger
Learn about the new features of Ranger in Cloudera Runtime 7.1.7.
Audit Filters General Availability
You can use Ranger audit filters to control the amount of audit log data collected and stored on your cluster. Previously in the Technical Preview version JSON strings were used to create audit filters. For GA an audit filters UI has been implemented.
Enhanced Ranger auditing of super user actions for HDFS
Implemented a new method "AccessControlEnforcer" to check super user permissions and audit those super user actions for HDFS.
Maximum Retention Days attribute for Ranger audits
Now users can update the solr document expiry ranger.audit.solr.config.ttl and ranger.audit.solr.config.delete.trigger parameters from CM in Ranger configurations and refresh configurations to get the Solr collection for Ranger audits updated with ttl and delete trigger.
Ranger Authorization for StorageHandler-based Hive table creation
Provides the functionality of authorizing StorageHandler in the HIVE Create / Alter statement of table. You must create and maintain a policy for Storage Type (hbase, phoenix, kafka, jdbc) and corresponding Storage URL for the StorageHandler in Ranger for this Authorization.
Usersync: support for users/groups deleted from sync source
You can configure Ranger Usersync to update Ranger when users and groups have been deleted from the sync source (UNIX, LDAP, AD or PAM). This ensures that users and groups – and their associated access permissions – do not remain in Ranger when they are deleted from sync source.