Community Articles

Find and share helpful community-sourced technical articles.
avatar
Explorer

For this article let’s take the supposition that we have a MDM Software handling the enterprise organization.

When we add/change an item in a MDM, it goes throw a workflow (validation, dedup, etc…).

For synchronizing in real-time to Ranger “Users and Policies Management” the last action on the workflow must be publishing to a broker the information, that can be a JMS based broker(AMQ, RabbitMQ etc ..) or Kafka.

Putting the message into a broker gives you the safety of never losing the event.We use HDF to consume, built the payload and call Ranger API.

13472-screen-shot-2017-03-09-at-180115.png

List of hidden Ranger useful API's.

To invoke the API's

curl -u admin:admin -v -i -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://<IP>:6080/service/xusers/secure/users -d @<FILE_PATH>
curl -u admin:admin -v -i -s -X GET http://<IP>:6080/service/xusers/users
curl -u admin:admin -v -i -s -X DELETE http://xxx:6080/service/xusers/secure/users/$ID_USER

Create a user

http://<IP>:6080/service/xusers/secure/users

Update a user

http://<IP>:6080/service/xusers/secure/users/{id}

Delete a user

http://<IP>:6080/service/xusers/users/userName/{userName}

Create a group

http://<IP>:6080/service/xusers/secure/groups

Update a group

http://<IP>:6080/service/xusers/secure/groups/{id}

Delete a group

http://<IP>:6080/service/xusers/groups/groupName/{groupName}

For Policies API there is a good documentation directly on the Apache Ranger documentation

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

Others useful API's

Get a particular group by name

 http://<IP>:6080/service/xusers/groups?name=ha

Get particular group details

http://<IP>:6080/service/xusers/groups/{id}

Get a user's Count

http://<IP>:6080/service/xusers/users/count

Get particular group details

http://<IP>:6080/service/xusers/groups/{id}
7,369 Views
Comments
avatar
Contributor

Hi,

I have a requirement like, i need to create policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili

avatar
Community Manager

@srinivasp as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.

Regards,

Vidya

avatar
New Contributor

Hi ,

We want to import ranger policy from active cluster ranger to standby cluster ranger . Could you tell us how we can achieve this using sql and api

I can list policy using below command on Active cluster ranger database, could you tell us how do I insert approx. 10,000 ranger policy into standby cluster ranger database.

SELECT g.GROUP_NAME, g.DESCR group_descr, r.NAME role_name, r.DESCRIPTION role_descr,
p.NAME policy_name, p.DESCRIPTION policy_descr, p.POLICY_TEXT FROM
X_GROUP g,
X_ROLE r,
X_ROLE_REF_GROUP rg,
X_POLICY_REF_ROLE rp,
X_POLICY p
WHERE rg.GROUP_ID = g.ID
AND rg.ROLE_ID = r.ID
AND rp.ROLE_ID = r.ID
AND rp.POLICY_ID = p.ID
AND r.NAME like '%grant%'

 

Regards,
Gurunath

avatar
Community Manager

@urunath As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks