How Ranger replication policy works
A Ranger replication policy can replicate Ranger policies and roles, and Ranger audit logs in HDFS. To replicate them successfully, the Ranger replication policy completes the following tasks:
- On the source cluster, the Ranger policies and roles for the specified services are exported to a file, and the file is transferred to the target cluster.
  You can choose the services on the Services tab during Ranger replication policy creation.
- Optionally, on the target cluster, the names of the Ranger service; the usernames; the file paths, database names, table names, and the URLs of the resources in the source cluster are transformed or mapped to the names in the target cluster in the file.
  You can choose the required User Mapping and Resources Mapping to transform or map on the Advanced tab during Ranger replication policy creation.
- On the target cluster, the file is imported and ingested into the Ranger service. You can choose one of the following methods to ingest the file into the Ranger service during Ranger replication policy creation:
  - Merge method (default). When you choose this method, Replication Manager merges the Ranger policies.
    For example, assume a Ranger policy in the destination Ranger service has user1 and the same Ranger policy on the source cluster has user2. In this method, both user1 and user2 are added in the destination Ranger policy after replication.
  - Override method. When you choose this method, Replication Manager overwrites the existing Ranger policies.
    For example, assume a Ranger policy in the destination Ranger service has user1 and the same Ranger policy on the source cluster has user2. In this method, user1 is removed and user2 is added in the destination Ranger policy after replication.
  You can choose the ingestion method on the Advanced tab during Ranger replication policy creation.
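The following added example (not Cloudera's or Ranger's code) models the user mapping and ingestion steps above so you can preview which users gain or lose access on the target under each method. It assumes a simplified policy shape (policy name mapped to a set of usernames); the function names, the sample policy `hdfs_finance`, and the users `etl_src` and `etl_dst` are hypothetical.

```python
# Simplified model (assumption): a policy is a name mapped to a set of usernames.
# This is not Ranger's export format or Replication Manager's code.

def map_users(policies, user_mapping):
    """Rename source usernames to their target-cluster names (User Mapping step)."""
    return {name: {user_mapping.get(u, u) for u in users}
            for name, users in policies.items()}

def ingest(source, destination, method="merge"):
    """Return the destination policies after ingesting the source export.

    Only policies present on both clusters follow the page's description;
    copying source-only policies and keeping destination-only ones is an
    assumption of this model.
    """
    if method not in ("merge", "override"):
        raise ValueError(f"unknown ingestion method: {method}")
    result = {name: set(users) for name, users in destination.items()}
    for name, src_users in source.items():
        if method == "merge" and name in result:
            result[name] |= src_users      # union: destination users are kept
        else:
            result[name] = set(src_users)  # override or new policy: source wins
    return result

def access_changes(before, after):
    """Per policy, list users that gained or lost access on the target."""
    report = {}
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, set()), after.get(name, set())
        if old != new:
            report[name] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return report

# Constructed sample data (hypothetical policy and user names)
SOURCE = {"hdfs_finance": {"user2", "etl_src"}}
DESTINATION = {"hdfs_finance": {"user1"}}
USER_MAPPING = {"etl_src": "etl_dst"}

if __name__ == "__main__":
    mapped = map_users(SOURCE, USER_MAPPING)
    for method in ("merge", "override"):
        after = ingest(mapped, DESTINATION, method)
        print(method, access_changes(DESTINATION, after))
```

With the merge method the report never contains removals, so grants that exist only on the target persist after replication; with the override method, user1 appears under `removed`.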