Administering Ranger Users, Groups, Roles, and Permissions
Ranger Admin users can manage users, group, roles and permissions using Ranger Admin
Web UI.
Overview: Ranger User/Groups/Roles
Ranger Admin Web UI allows users with Administrator role
(permissions) to create new users, groups and roles that define fine-grained access
control in Cloudera Data Platform. This topic presents an overview of
the user, group, role, permission management options you can find under
Settings.
To list the users, groups, and roles for which Ranger manages access to Cloudera Data Platform services,
select Ranger Admin Web UI > Settings > Users/Groups/Roles.
Users lists:
Internal users - created by a Ranger admin user who can log in to the Ranger Admin
Web UI.
External users - created at other systems such as Active Directory, LDAP, or UNIX.
Admin users - who are the only users with permission to create users and services,
run reports, and perform other administrative tasks using Ranger Admin Web UI.
Visible users - those users created in Ranger Admin Web UI, or in other systems who
are "active", in other words, not marked for deletion.
Hidden users - those users that have been marked for deletion for any reason (for
example invalid characters, duplicates, or obsolescence).
Users also shows the Groups to which each user belongs.
The following example shows internal, external, and Admin users listed on Service Manager > Users:
Groups lists:
Internal groups - created by a Ranger admin.
External groups - created by other systems.
On Groups, you can click Users to view
the members of a specific group.
The following figure shows internal and external groups listed on
Groups: The Users and Groups pages also lists a Sync Source for
each user and group. To filter Users and
Groups by sync source type, select Sync Source as a search
filter, then enter a sync source type, such as Unix or LDAP/AD. To view more information
about the sync source, click Sync Details for a user or
group.
The following example shows the sync details for the rangertagsync user.Roles lists: