Administering Ranger Users, Groups, Roles, and Permissions

Ranger Admin users can manage users, group, roles and permissions using Ranger Admin Web UI.

Overview: Ranger User/Groups/Roles

Ranger Admin Web UI allows users with Administrator role (permissions) to create new users, groups and roles that define fine-grained access control in CDP. This topic presents an overview of the user, group, role, permission management options you can find under Settings. This functionality is supported by CDP runtime base code in both public and private runtime form factors.

To list the users, groups, and roles for which Ranger manages access to CDP services, select Ranger Admin Web UI > Settings > Users/Groups/Roles.

Users lists:

  • Internal users - created by a Ranger admin user who can log in to the Ranger Admin Web UI.
  • External users - created at other systems such as Active Directory, LDAP, or UNIX.
  • Admin users - who are the only users with permission to create users and services, run reports, and perform other administrative tasks using Ranger Admin Web UI.
  • Visible users - those users created in Ranger Admin Web UI, or in other systems who are "active", in other words, not marked for deletion.
  • Hidden users - those users that have been marked for deletion for any reason (for example invalid characters, duplicates, or obsolescence).

Users also shows the Groups to which each user belongs.

The following example shows internal, external, and Admin users listed on Service Manager > Users:

Groups lists:

  • Internal groups - created by a Ranger admin.
  • External groups - created by other systems.
  • On Groups, you can click Users to view the members of a specific group.
The following figure shows internal and external groups listed on Groups:
The Users and Groups pages also lists a Sync Source for each user and group. To filter Users and Groups by sync source type, select Sync Source as a search filter, then enter a sync source type, such as Unix or LDAP/AD. To view more information about the sync source, click Sync Details for a user or group.
The following example shows the sync details for the rangertagsync user.
Roles lists:
  • Role names, and related mappings to:
  • User names
  • Group names
  • Other role names