Creating Ranger policy to use in RAZ-enabled AWS environment
After you register the RAZ-enabled AWS environment, you can log in to Ranger to
create the policies for granular access to the environment’s cloud storage location. To
create the Ranger policy, you must first create the required S3 policy and then a Hive URL
authorization policy, on an S3 path for the end user.
To create the required S3 policy on an S3 path for end user, perform the
following steps:
Navigate to the Ranger UI.
On the S3 tab, click
cm_s3.
Click Add New Policy in the top right
corner.
Provide the following policy details:
Enter Policy Name.
Enter an S3 Bucket name.
Provide a Path within the S3
bucket.
Select users and permissions to assign to the end
user.
Only Read and
Write permissions can be assigned
to the end user.
The following sample image shows the Create
Policy page in Ranger UI to create an S3 policy on an
S3 path for an end user.
Click Add to save the policy.
To create a Hive URL authorization policy on an S3 path for the end user,
perform the following steps:
Navigate to the Ranger UI.
On the Hadoop SQL tab, click Hadoop
SQL.
Click Add New Policy in the top right
corner.
Provide the policy details. The following sample image shows the policy
details:
Enter Policy Name.
Enter the Hive URL authorization path in the
url field, and enable the
Recursive option.
Provide a Path within the S3
bucket.
Select users and permissions to assign to the end
user.
The following sample image shows the Policy
Details page in Ranger UI to create a Hive URL
authorization policy on an S3 path for an end user.