What's New in Apache Ranger

Learn about the new features of Apache Ranger in CDP Private Cloud Base 7.3.1.

Support multiple columns policy creation in Ranger for Grant/Revoke request
This enhancement supports multiple columns policy creation in Ranger for Grant/Revoke requests for Impala.
Ranger REST API improvements
Ranger REST APIs have the following changes:
  • The following APIs have been removed:
    • assets/credstores - GET, POST, PUT
    • credstores/count - GET
    • credstores/{id} - GET
    • /xusers/auditmaps - GET
    • /xusers/auditmaps/count - GET
    • /xusers/permmaps - GET
    • /resource/{id} - GET
    • assets/policyList/{repository}
    • /groupgroups/* (All methods)
  • The following APIs were not returning any access code when request is denied; now they suppose to 403:
    • /tags/tags
    • /tags/types
    • /tags/resources APIs
  • Earlier When a non admin user makes a DELETE request to below endpoint, it was returning 405 method not allowed. However, now it returns 403.
    • /assets/resources/{resource_id}
  • Earlier the API was not accessible for the keyadmin role users, but now it shall be accessible.
    • /xaudit/trx_log
  • Earlier the below mentioned API was returning {OWNER} and {USER} users in the response but now onwards it will not return because access to the users list will be based on which role user is having permissions to which role user.
    • /service/xusers/users
  • The API endpoint /xaudit/trx_log/{trx_log_id} was not accessible by keyadmin users. keyadmin users can access the transaction logs using the endpoint /xaudit/trx_log, hence, the keyadmin users should also be allowed to access the endpoint /xaudit/trx_log/{trx_log_id} for transaction log ids related to KMS audits.