Server Ranger



Rancher is a complete software stack for teams adopting containers. It addresses the operational and security challenges of managing multiple Kubernetes clusters, while providing DevOps teams with integrated tools for running containerized workloads. Apache Ranger™ Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform. The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture.

Apache Ranger™

Apache Ranger™ is a framework to enable, monitor and manage comprehensive data security across the Hadoop platform.

The vision with Ranger is to provide comprehensive security across the Apache Hadoop ecosystem. With the advent of Apache YARN, the Hadoop platform can now support a true data lake architecture. Enterprises can potentially run multiple workloads, in a multi tenant environment. Data security within Hadoop needs to evolve to support multiple use cases for data access, while also providing a framework for central administration of security policies and monitoring of user access.

Please read the FAQs if you need to understand how it works over Apache Hadoop components.

Flash player mac os x

Goals Overview

Apache Ranger has the following goals:

  • Centralized security administration to manage all security related tasks in a central UI or using REST APIs.
  • Fine grained authorization to do a specific action and/or operation with Hadoop component/tool and managed through a central administration tool
  • Standardize authorization method across all Hadoop components.
  • Enhanced support for different authorization methods - Role based access control, attribute based access control etc.
  • Centralize auditing of user access and administrative actions (security related) within all the components of Hadoop.

Usage

General instructions on how to use the Apache Ranger can be found on the Wiki Page.

In case you have questions regarding the Ranger' usage, please have a look at the FAQ and feel free to contact the user mailing list. The posts to the mailing list are archived and could already contain the answer to your question as part of an older thread. Hence, it is also worth browsing/searching the mail archive.

If you feel like the Apache Ranger is missing a feature or has a defect, you can fill a feature request or bug report in our issue tracker. When creating a new issue, please provide a comprehensive description of your concern. Especially for fixing bugs it is crucial that the developers can reproduce your problem.

Contributors can check out the source code from our Git repository or from Github

Note: This is post is part of the HDPCA exam objective series

Apache Ranger is a framework for enabling, monitoring, and managing the comprehensive data security across the Hadoop platform. Ranger simply helps a Hadoop admin with various security management tasks. It provides a mechanism to manage the security from a single pane for various components. With Ranger, you can control fine-grained access to various components of the Hadoop ecosystem.

Ranger has an Administration Portal you can use to define various policies for different components. Ranger plugins can be enabled for several HDP services. The following Ranger plugins are available:

  • HDFS
  • Hive
  • HBase
  • Kafka
  • Knox
  • YARN
  • Storm

In this post, we will see how to create a ranger policy to define access to a particular database/table for a user. Before we create any policy, we first have to enable the Hive Plugin for Ranger using ambari.

Enable Ranger Hive plugin

1. To enable Ranger Hive Plugin goto Services >Ranger >Configs >Ranger Plugin. Enable the Ranger Hive Plugin on this page.

2. Save the config by providing an appropriate description note.

3. Ambari will prompt for some recommended changes to be done in order to enable the Ranger Hive Plugin. Accept the changes and proceed.

4. We need to restart the Hive Service for the changes to take effect.

Overview of Ranger Admin UI and pre-configured policies for hive

You can log in to the Ranger Admin UI and check if the Ranger Hive Plugin is enabled and you can create policies. To login to the Ranger Dashboard use the default username/password of admin/admin.

Server Ranger

You can also goto the Ranger Admin UI with below URL:

When you log in to the Ranger UI, the home page lists the various menus and types of policies that can be created using Ranger. As we can see the Ranger Hive Plugin is enabled and we can view the pre-configured policies for Hive.

Ranger server silver bullet technology

Server Ranger Online

You can edit the pre-configured policies as shown below.

This particular policy provides ALL privilege access to the users “hive” and “ambari-qa”. You can add a new user/group and also modify the permissions on this page.

Creating a new Ranger hive Policy

Let’s create a new Ranger Hive Policy to allow access to a particular database (database name: default). The user will have only “select” privilege on all the tables in the default database.

1. Click on the policy group name under Hive.

Hario Range Server

2. Now click on Add New Policy to open a new page, similar to the one shown below:

Provide the details like Policy Name, database name, table name etc.

3. In the “User and Group Permissions” section, we will assign the “select” permission to the user “hdfs”. Save the policy.

Verify the Ranger Hive Policy

Let’s connect to the Hive database using the user hive and test the policy we just created. I have already created a “test” table in the default database.

Getting the HiveServer2 JDBC URL from Ambari

We need to first get the HiveServer2 JDBC URL from ambari in order to connect the hive databases. Goto the Hive Service Page and copy the JDBC URL from the page.

Ranger

Service Ranger Codes

We can now connect to the hive default database using the user “hdfs”. Adobe flash 9.

We can check if we can view the tables in the “default” database using the “hdfs” user. As shown below, we can query the table “test1” in the default database.

Ranger Hdfs Plugin

Let’s try to execute any other query on the table and see if the user has the privilege to drop the table “test1”.

Granting user “hdfs” the “drop” privilege

Let’s modify the policy and give the “drop” privilege to the “hdfs” user on all the tables of the “default” database. From the Ranger Dashboard, edit the policy we created earlier in this post.

Assign the “drop” privilege to the “hdfs” user and save the policy.

Wait for a minute or two for the policy to get updated across the cluster. Now try dropping the table again. This time the user hdfs is able to drop the test1 table.

HDPCA Exam Objective – Install and configure Ranger
How to Create HDFS policies in Ranger