Apache Atlas is configured to use Apache Ranger for authorization by default. You might
need to change configuration settings to disable Ranger as the source of authorization in a
development environment; Ranger authorization is highly recommended in a production environment.
In addition, there are some configuration values that you might need to change should you make
significant changes to how Atlas and Ranger are installed in your cluster.
Atlas behaves like any other service when it comes to integrating with Ranger for access
control: turn on Ranger authorization from the Cloudera Manager
configuration page for the Atlas service. This integration allows Atlas to use Ranger
policies to determine authorization for user actions in Atlas; Atlas also reports success or
failure against the policies back to Ranger. In addition to this standard integration for
authorization, Atlas integrates with Ranger to send metadata updates to Ranger using an
Apache Kafka topic. The configuration properties that support the two integration paths
include specifying HDFS locations for caching Ranger policies, storing Atlas audits, and
storing other metadata exchanged between the two services. In rare circumstances, you may
need to relocate these storage locations.
Minimum Required Role in Cloudera Manager: Full Administrator.
In Cloudera Manager, select the Atlas service, then open the
Configuration tab.
To display the Ranger configuration settings, type "ranger" in the Search box.
To modify the behavior of the Atlas to Ranger integration, update the following
properties:
To disable Atlas authentication through Ranger
Uncheck the RANGER Service property. Leave the supporting
properties as is so you can re-instate Ranger easily if needed.
To set where Atlas stores intermediate data for Ranger audits and cached
authorization policies
Review and potentially change the path value for these properties: