Adding a role through Ranger

How to add a role in Ranger.

What is a Role ? A role contains a set of users, groups, or other roles. You assign a role by adding a user, group or role to it. By adding multiple roles, you create a role hierarchy in which you manage permission sets at the role level.

Benefits that roles provide in a large environment:
  • A role may include many users or groups, all of which may be updated using a single command.
  • Adding or revoking a single permission to or from a role requires a single command, which also applies to all users and groups with that role.
  • Roles allow for some documentation about why a permission is granted or revoked.
Conceptually, a role functions as a collection. A group is a collection of users. You create a role and add users to it. Then, you grant that role to a group. Roles present an easier way to manage users and groups, based on specific access criteria.
A simple example of a role hierarchy follows:
  • FinReadOnly role, which gives read permission on all tables in the Finance database and is defined by a Ranger policy that grants read on database:Finance, table:* to the FinReadOnly role.
  • FinWrite role, which gives write permission on all tables in the Finance database and is defined by a Ranger policy that grants write on database:Finance, table:* to the FinWrite role.
  • FinReadWrite role, which role is granted both the FinRead and FinWrite roles and thereby inherits read and write permission to all tables in the Finance database.
  • FinReporting group whose users require only read permission to the Finance tables. FinReporting group is added to FinReadOnly role in Ranger.
  • FinDataPrep group whose users require only write permission to the Finance tables. FinDataPrep group is added to the FinWrite role in Ranger.
  • FinPowerUser group whose users require read and write permission to all Finance tables. FinPowerUsers group is added to the FinReadWrite role in Ranger.

You can create a role either through Ranger, or through Hive.

To add a role, the user must have Admin_Role privilege in Ranger.
To create a role through Ranger:
  1. Select Settings > Users/Groups/Roles, then click the Roles tab.
    The Role List page appears.
    Roles appears with Roles List active
  2. Click Add New Role.
    The Role Detail page appears.
    Role Details Page
  3. Enter a unique name for the role. Optionally, add users, groups and/or roles to be associated with the role, then click Save.