Atlas is configured to use Ranger for authorization by default. You
might need to change configuration settings to disable Ranger as the source
of authorization in a development environment; Ranger authorization is
highly recommended in a production environment. In addition, there are some
configuration values that you might need to change should you make
significant changes to how Atlas and Ranger are installed in your
cluster.
Atlas behaves like any other service when it comes to integrating with
Ranger for access control: turn on Ranger authorization from the
Cloudera Manager configuration page for the Atlas service. This
integration allows Atlas to use Ranger policies to determine
authorization for user actions in Atlas; Atlas also reports success or
failure against the policies back to Ranger. In addition to this
standard integration for authorization, Atlas integrates with Ranger to
send metadata updates to Ranger using a Kafka topic. The configuration
properties that support the two integration paths include specifying
HDFS locations for caching Ranger policies, storing Atlas audits, and
storing other metadata exchanged between the two services. In rare
circumstances, you may need to relocate these storage locations.
Minimum Required Role in Cloudera Manager: Full Administrator.
In Cloudera Manager, select the Atlas service, then open the
Configuration tab.
To display the Ranger configuration settings, type "ranger" in the
Search box.
To modify the behavior of the Atlas to Ranger integration, update
the following properties:
To disable Atlas authentication through Ranger
Uncheck the RANGER Service property.
Leave the supporting properties as is so you can re-instate
Ranger easily if needed.
To set where Atlas stores intermediate data for Ranger audits
and cached authorization policies
Review and potentially change the path value for these
properties:
