Using the Ranger Key Management Service
Ranger Key Management Service (KMS) can be accessed by logging into the Ranger web UI as the KMS administrator.
Role Separation
Ranger uses separate admin users for Ranger and Ranger KMS.
- The Ranger admin user manages Ranger access policies.
- The Ranger KMS admin user (
keyadmin
by default) manages access policies and keys for Ranger KMS, and has access to a different set of UI features than the Ranger admin user.
Using separate administrator accounts for Ranger and Ranger KMS separates encryption
work (encryption keys and policies) from cluster management and access policy
management.