Force deletion of external users and groups from the Ranger database
If Ranger Usersync operates without proper configuration, a Ranger database may be
(over)-populated with user and group records. Huge user/group and mapping tables may cause
Ranger administration issues. To aid in removal of unnecessary users/groups, customers may use
this feature to delete specific external user/groups or even all external users/groups if
required.
The following 2 REST endpoints are available:
- service/xusers/delete/external/groups
- service/xusers/delete/external/users
The following 2 python client APIs are available:
- force_delete_external_users
- force_delete_external_groups
You can force delete external users and groups from a Ranger database using either REST endpoints or python client APIs.
Invoking REST endpoints (via
cURL):
# to delete a group named 'group_1' service/xusers/delete/external/groups?name=group_1 # to delete all hidden groups service/xusers/delete/external/groups?isVisible=0 # to delete all visible groups service/xusers/delete/external/groups?isVisible=1 # to delete all groups with sync source as Unix service/xusers/delete/external/groups?syncSource=Unix # to delete a user named 'user_1' service/xusers/delete/external/users?name=user_1 # to delete all hidden users service/xusers/delete/external/users?isVisible=0 # to delete a user with a particular email id service/xusers/delete/external/users?emailAddress=xyz5@gmail.com
To use the python client APIs:
$ pip3 install apache_ranger
$ python3
>>> from apache_ranger.client.ranger_client import *
>>> ranger = RangerClientPrivate('<ranger_url>', ('<ranger_user>', '<ranger_pass>'))
Specific use-case examples using the python client APIs:
# to delete user_1 >>> ranger.force_delete_external_users("name=user_1") # to delete group_1 >>> ranger.force_delete_external_groups("name=group_1") # to delete all users with sync source as Unix >>> ranger.force_delete_external_users("syncSource=Unix") # to delete all users with Auditor Role >>> ranger.force_delete_external_users("userRole=ROLE_ADMIN_AUDITOR") # to delete all external users >>> ranger.force_delete_external_users() # to delete all external groups >>> ranger.force_delete_external_groups()