Ranger special entities
Ranger in CDP has specific, internal groups and entities that affect user authorization and access to all services in CDP.
In addition to any users, groups, roles and permissions that you define using Ranger, you must understand the following Ranger special entities:
- "public" group
A special, internal group within Ranger that consists of all users, including future users. Membership is implicit and automatic.
The following, default policies give permissions to members of group "public":
- all - database > public > create permission
- default database tables columns > public > create permission
- Information_schema database tables columns > public > select permission
You can remove "public" from these default policies to further restrict user access, based on your security requirements.
- {OWNER} special entity
A special Ranger entity attached to a user based on their actions. For example, when a user "bob" creates a table, "bob" becomes the {OWNER} of that table and receives any permissions granted to {OWNER} on that table across all policies. The following default policies have permissions for {OWNER}:
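Added example (not part of the original documentation): a script that scans a policy export and reports every allow item that grants access to group "public" or to {OWNER}, so those grants can be reviewed against your security requirements. The JSON field names (policies, policyItems, groups, users, accesses, type, isAllowed, isEnabled) are assumed to follow Ranger's policy model; the sample data and the two "constructed-" policy names are made up for the example.

```python
import json

# Constructed sample in the shape of a Ranger policy export (assumed field
# names: policies, policyItems, groups, users, accesses, type, isAllowed).
SAMPLE_EXPORT = json.dumps({"policies": [
    {"name": "all - database", "isEnabled": True, "policyItems": [
        {"groups": ["public"], "users": [],
         "accesses": [{"type": "create", "isAllowed": True}]},
        {"groups": [], "users": ["hive"],
         "accesses": [{"type": "all", "isAllowed": True}]}]},
    {"name": "Information_schema database tables columns", "isEnabled": True,
     "policyItems": [{"groups": ["public"], "users": [],
                      "accesses": [{"type": "select", "isAllowed": True}]}]},
    # Hypothetical policy names, used only to exercise the matching logic.
    {"name": "constructed-owner-policy", "isEnabled": True, "policyItems": [
        {"groups": [], "users": ["{OWNER}"],
         "accesses": [{"type": "all", "isAllowed": True}]}]},
    {"name": "constructed-analysts-policy", "isEnabled": False, "policyItems": [
        {"groups": ["analysts", "public"], "users": [],
         "accesses": [{"type": "select", "isAllowed": False}]}]},
]})

SPECIAL_GROUPS = {"public"}
SPECIAL_USERS = {"{OWNER}"}


def special_entity_grants(export_text):
    """Return (policy, entity, access types, enabled) for each allow item
    that names a special entity. Accepts {"policies": [...]} or a bare list."""
    data = json.loads(export_text)
    policies = data["policies"] if isinstance(data, dict) else data
    findings = []
    for policy in policies:
        for item in policy.get("policyItems") or []:
            granted = sorted(a["type"] for a in item.get("accesses") or []
                             if a.get("isAllowed", True))
            if not granted:
                continue  # nothing is actually allowed by this item
            entities = (SPECIAL_GROUPS & set(item.get("groups") or [])) | \
                       (SPECIAL_USERS & set(item.get("users") or []))
            for entity in sorted(entities):
                findings.append((policy.get("name"), entity, granted,
                                 policy.get("isEnabled", True)))
    return findings


if __name__ == "__main__":
    for finding in special_entity_grants(SAMPLE_EXPORT):
        print(finding)
```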