Supporting Cloudera Observability On-Premises with Apache Ranger
If you have installed Apache Ranger for Cloudera Observability On-Premises, Cloudera suggests that you set the Apache Ranger properties to specify super users for the HBase, HDFS, Hive, Impala, and Kafka services.
| Service | Setting | Name | Value |
|---|---|---|---|
| HBase | HBase Service Advanced Configuration Snippet (Safety Valve) for ranger-hbase-security.xml | ranger.plugin.hbase.super.users | observability |
| HDFS | HDFS Service Advanced Configuration Snippet (Safety Valve) for ranger-hdfs-security.xml | ranger.plugin.hdfs.super.users | |
| Hive | Hive Service Advanced Configuration Snippet (Safety Valve) for ranger-hive-security.xml | ranger.plugin.hive.super.users | |
| Kafka | Kafka Service Advanced Configuration Snippet (Safety Valve) for ranger-kafka-security.xml | ranger.plugin.kafka.super.users |
- In a supported web browser on the Cloudera Observability On-Premises cluster, log in to Cloudera Manager.
- In Cloudera Manager, select Clusters and then select the Service name. For example, HBase.
- In the Service name page, click the Configuration tab and then search for the HBase Service Advanced Configuration Snippet (Safety Valve) for ranger-hbase-security.xml setting for the HBase service.
- In the Name field, enter ranger.plugin.hbase.super.users.
- In the Value field, enter observability.
- Click Save Changes.
- Repeat these steps for each service using the Apache Ranger settings table.
-
For the Impala service, add a custom policy in Apache Ranger for Hadoop
SQL.
- Manually add a new user named observability in Apache Ranger for the Observability service. For information, see Adding a user in CDP Private Cloud Base documentation.
- Assign full privileges to the new observability user on all databases and schemas. For information on granting user access using Apache Ranger, see Impala Authorization in CDP Private Cloud Data Warehouse Runtime documentation.
