Force deletion of external users and groups from the Ranger database

If Ranger Usersync operates without proper configuration, a Ranger database may be (over)-populated with user and group records. Huge user/group and mapping tables may cause Ranger administration issues. To aid in removal of unnecessary users/groups, customers may use this feature to delete specific external user/groups or even all external users/groups if required.

The following 2 REST endpoints are available:

  • service/xusers/delete/external/groups
  • service/xusers/delete/external/users

The following 2 python client APIs are available:

  • force_delete_external_users
  • force_delete_external_groups

You can force delete external users and groups from a Ranger database using either REST endpoints or python client APIs.

Invoking REST endpoints (via cURL):
# to delete a group named 'group_1'
# to delete all hidden groups
# to delete all visible groups
# to delete all groups with sync source as Unix
# to delete a user named 'user_1'
# to delete all hidden users
# to delete a user with a particular email id
To use the python client APIs:
$ pip3 install apache_ranger
$ python3
>>> from apache_ranger.client.ranger_client import *
>>> ranger = RangerClientPrivate('<ranger_url>', ('<ranger_user>', '<ranger_pass>'))

Specific use-case examples using the python client APIs:

# to delete user_1
>>> ranger.force_delete_external_users("name=user_1")
# to delete group_1
>>> ranger.force_delete_external_groups("name=group_1")
# to delete all users with sync source as Unix
>>> ranger.force_delete_external_users("syncSource=Unix")
# to delete all users with Auditor Role
>>> ranger.force_delete_external_users("userRole=ROLE_ADMIN_AUDITOR")
# to delete all external users
>>> ranger.force_delete_external_users()
# to delete all external groups
>>> ranger.force_delete_external_groups()