Ranger replication policies
Ranger replication policies in enable the migration of Ranger policies, roles for HDFS, Hive, and HBase services, and audit logs for HDFS. You can migrate these Ranger policies from Kerberos-enabled 7.3.2 or higher clusters using 7.13.2 to 7.3.2 clusters.
The Ranger replication policy can replicate the following:
- Ranger policies and roles that include Ranger tag-based policies and Ranger resource-based policies. The replication policy always performs a complete export and import of Ranger policies.
- Ranger audit logs in HDFS using superuser credentials. You must ensure that the Ranger audit log directory on the source cluster is snapshot-enabled. Replication Manager uses DistCp jobs to replicate Ranger HDFS audit log directories. Therefore, the first Ranger replication policy run to replicate the Ranger audit log directory is a bootstrap job and the subsequent runs are incremental.
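A pre-flight check for the snapshot requirement above, as an added example that is not Cloudera's code: it parses the output of `hdfs lsSnapshottableDir` and reports whether the audit log directory itself, or only one of its ancestors, is snapshot-enabled. The path `/ranger/audit` and the sample listing are constructed for illustration; substitute the audit directory configured on your source cluster.

```shell
#!/bin/sh
# Added example. Assumed audit path: /ranger/audit (check your Ranger plugin config).
#
# snapshot_status DIR
#   Reads `hdfs lsSnapshottableDir` output on stdin and prints one of:
#     exact            DIR itself is snapshottable
#     ancestor:<path>  a parent of DIR is snapshottable; HDFS does not allow
#                      nested snapshottable directories, so DIR itself cannot
#                      be enabled while that parent stays enabled
#     none             neither DIR nor any parent is snapshottable
snapshot_status() {
    d=${1%/}                    # tolerate a trailing slash
    [ -n "$d" ] || d=/          # ...but keep the root directory as "/"
    awk -v d="$d" '
        NF == 0 { next }                        # skip blank lines
        { p = $NF }                             # path is the last column
        p == d { exact = 1; next }
        { pre = (p == "/") ? "/" : p "/" }
        index(d "/", pre) == 1 { anc = p }      # p is a path prefix of d
        END {
            if (exact)          print "exact"
            else if (anc != "") print "ancestor:" anc
            else                print "none"
        }'
}

# Constructed sample in the column layout `hdfs lsSnapshottableDir` prints:
# perms, replication, owner, group, length, date, time,
# snapshot count, snapshot quota, path.
SAMPLE='drwxr-xr-x 0 hdfs supergroup 0 2024-05-01 10:12 1 65536 /ranger/audit
drwxr-xr-x 0 hdfs supergroup 0 2024-05-01 10:15 0 65536 /warehouse'

printf '%s\n' "$SAMPLE" | snapshot_status /ranger/audit

# On the source cluster, run as the HDFS superuser (other users only see
# directories they own):
#   hdfs lsSnapshottableDir | snapshot_status /ranger/audit
# If the result is "none", enable snapshots before creating the policy:
#   hdfs dfsadmin -allowSnapshot /ranger/audit
```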
You can choose to replicate only the Ranger policies and roles, or only the Ranger audit logs in HDFS during the Ranger replication policy creation process. The Ranger replication policy replicates from only one Ranger source service on the source cluster to only one Ranger destination service on the target cluster.
You can use Ranger replication policies in the following use cases:
- When Ranger is used for file system-level access control for HDFS and Hive and you want to copy the Ranger policies to another cluster for backup purposes.
- When you want to move or replicate Ranger policies for Hive (SQL) or HBase data to another cluster for disaster recovery purposes.
