Cloudera Docs

What's New in Apache Ranger

The following new features and enhancements are generally available for Ranger customers in Cloudera Runtime 7.2.16:

Ranger Metrics on Audit Throughput

Ranger now provides a feature to monitor the throughput of audits generated by each plugin. Audit throughput monitoring includes an alert mechanism, which triggers when a large number of audits are generated and spool files are created. The Ranger UI now displays the audit metrics graphically. For more information, see the updated examples in Viewing Audit Metrics and Viewing Audit Details

New Ranger API to collect metrics in Ranger Admin

Ranger now provides two APIs to fetch ranger admin metrics One returns a response in JSON format and the other returns a response in prometheus-compatible format. For more information, see Ranger Admin Metrics API.

New Ranger API to collect metrics in Ranger RAZ

Ranger now provides two APIs to fetch ranger admin metrics One returns a response in JSON format and the other returns a response in prometheus-compatible format. For more information, see Ranger RAZ Metrics API.

Changes to Show Role Grant behavior

The Hive2 command line interface, Beeline returns role grant definitions for a specific principal, such as a user, group or role. For more information, see Showing Role|Grant definitions from Ranger HiveAuthorizer.

Changes to show Sync Source in Ranger User Management UI

The source type and details from which external users sync with Ranger now appears in Ranger Admin UI. For more information, see the updated examples throughout: Administering Ranger Users, Groups, Roles, and Permissions.

Provided Ranger support on DataHub HDFS

Spark jobs now interact with HDFS for scratch/staging data that cannot rely on S3. Reduced dramatic performance degradation due to lack of atomic rename. Added to 7.2.14+ via hotfix. For more information, see the updated examples in Enabling Ranger HDFS plugin manually on a Data Hub .

Performance and Function Improvements

  • Performance improvements for Ranger log file rotation implemented and documented. For 2more information, see Managing logging properties for Ranger services.

  • Prior to 7.1.8 Ranger RMS download mapping API was an open API. Now it is made secured and it requires JWT/Kerberos authentication to access this API.

  • New Audit filters in HDFS audits are added to exclude the ACID operations which are flooding the ranger audits and are not really needed.

  • Consolidate policies created for {OWNER} by Authzmigrator. Provided a feature to skip the {OWNER} policy in authzmigration tool.