How Ranger replication policy works
The Ranger replication policy ensures successful replication of Ranger policies, roles, and Ranger audit logs by exporting data from the source cluster and importing it using merge or override methods.
- On the source cluster, the Ranger policies and roles for the specified services
are exported to a file, and the file is transferred to the target cluster. You
can select the services during the Ranger replication policy creation.
You can select the services during the Ranger replication policy creation.
- Optionally, on the target cluster, the names of the Ranger service; the
usernames; the file paths, database names, table names, and the URLs of the
resources in the source cluster are transformed or mapped to the names in the
target cluster in the file.
You can select the required mapping to transform or map during the Ranger replication policy creation process.
- On the target cluster, the file is imported and ingested into the Ranger
service.
You can select one of the following methods to ingest the file into Ranger service during the Ranger replication policy creation process:
- Merge method (default) – Replication Manager
merges the Ranger policies.
For example, if a Ranger policy in the target Ranger service has user1 and the same Ranger policy on the source cluster has user2, both user1 and user2 are added in the target Ranger policy after replication.
- Override method – Replication Manager overwrites
the existing Ranger policies.
For example, if a Ranger policy in the target Ranger service has user1 and the same Ranger policy on the source cluster has user2, user1 is removed and only user2 is added in the target Ranger policy after replication.
- Merge method (default) – Replication Manager
merges the Ranger policies.
