What's New in Apache Ranger

The following new features and enhancements are generally available for Ranger customers in Cloudera Runtime 7.2.18:

Ranger Usersync option to update group memberships when the same users and groups are synced from multiple sync sources

Ranger Usersync now provides an option for customers to treat users/groups from multiple sync sources as the same for updating group memberships. For more information, see the updated topic: Configuring Usersync to sync directly with LDAP/AD.

HA support for Ranger Tag Sync/User Sync

Ranger now supports high availability for Ranger Tag Sync/User Sync. Configuring high availability adds another instance of each role to an additional host, which continues to run the features if the default host fails.

New Ranger API to collect metrics in Ranger Admin

Ranger now provides two APIs to fetch Ranger Admin metrics. One returns a response in JSON format and the other returns a response in Prometheus-compatible format. For more information, see Ranger Admin Metrics API.

New Ranger APIs to import/export roles in Ranger Admin

Ranger now includes APIs to import and export roles. For more information, see Ranger REST API documentation.

Add support for enabling audit file accumulation

You can enable and configure alerts for Ranger plugin-supported services through Cloudera Manager. These alerts notify you when audit spool files accumulate in the spool directories for Solr and HDFS. For more information, see Configuring audit spool alert notifications.

Add support for additional methods in RangerKafkaAuthorizer

RangerKafkaAuthorizer includes ACL APIs that refer to Ranger Policies when these commands are executed. Ranger relies on the grant, revoke and policy engine APIs to provide the needed functionality. For more information, see Kafka ACL APIs support.

Add APIs to support force deletes of external users and groups from the Ranger database

A Ranger database may become overpopulated with user and group records. To aid in the removal of unnecessary users/groups, customers may use this feature to delete specific external users/groups, or even all external users/groups if required. For more information, see Force deletion of external users and groups from the Ranger database.

Ranger RMS support for S3 (Preview)

In CDP 7.2.18, Ranger RMS will support authorization for S3 storage locations when deployed in an AWS environment. RMS for S3 will provide authorization for both HDFS and S3 file systems. A customer with the new RMS entitlement ENABLE_RMS_ON_DATALAKE should be able to create a cluster with RMS as a configurable option (--enable-ranger-rms) through the CDP CLI command create-aws-datalake. When RMS is selected during cluster setup, customers will not be required to install and configure RMS separately. For more information, see the updated topics and examples throughout Ranger RMS - HIVE-S3 ACL Sync Overview.