Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to Manage Users and Security Policies via Ranger API.

avatar
author-rank vlundberg
Explorer

Created on ‎03-09-2017 04:59 PM - edited ‎08-17-2019 01:53 PM

For this article let’s take the supposition that we have a MDM Software handling the enterprise organization.

When we add/change an item in a MDM, it goes throw a workflow (validation, dedup, etc…).

For synchronizing in real-time to Ranger “Users and Policies Management” the last action on the workflow must be publishing to a broker the information, that can be a JMS based broker(AMQ, RabbitMQ etc ..) or Kafka.

Putting the message into a broker gives you the safety of never losing the event.We use HDF to consume, built the payload and call Ranger API.

13472-screen-shot-2017-03-09-at-180115.png

List of hidden Ranger useful API's.

To invoke the API's

curl -u admin:admin -v -i -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://<IP>:6080/service/xusers/secure/users -d @<FILE_PATH>
curl -u admin:admin -v -i -s -X GET http://<IP>:6080/service/xusers/users
curl -u admin:admin -v -i -s -X DELETE http://xxx:6080/service/xusers/secure/users/$ID_USER

Create a user

http://<IP>:6080/service/xusers/secure/users

Update a user

http://<IP>:6080/service/xusers/secure/users/{id}

Delete a user

http://<IP>:6080/service/xusers/users/userName/{userName}

Create a group

http://<IP>:6080/service/xusers/secure/groups

Update a group

http://<IP>:6080/service/xusers/secure/groups/{id}

Delete a group

http://<IP>:6080/service/xusers/groups/groupName/{groupName}

For Policies API there is a good documentation directly on the Apache Ranger documentation

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition%2C+Service+and+P...

Others useful API's

Get a particular group by name

 http://<IP>:6080/service/xusers/groups?name=ha

Get particular group details

http://<IP>:6080/service/xusers/groups/{id}

Get a user's Count

http://<IP>:6080/service/xusers/users/count

Get particular group details

http://<IP>:6080/service/xusers/groups/{id}
7,372 Views
Comments

Re: How to Manage Users and Security Policies via Ranger API.

avatar
author-rank srinivasp
Contributor

Created on ‎07-05-2021 04:56 AM

Hi,

I have a requirement like, i need to create policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili

Re: How to Manage Users and Security Policies via Ranger API.

avatar
author-rank VidyaSargur author-rank
Community Manager

Created on ‎07-05-2021 09:47 AM

@srinivasp as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.

Regards,

Vidya

Re: How to Manage Users and Security Policies via Ranger API.

avatar
author-rank urunath
New Contributor

Created on ‎10-10-2022 10:44 AM

Hi ,

We want to import ranger policy from active cluster ranger to standby cluster ranger . Could you tell us how we can achieve this using sql and api

I can list policy using below command on Active cluster ranger database, could you tell us how do I insert approx. 10,000 ranger policy into standby cluster ranger database.

SELECT g.GROUP_NAME, g.DESCR group_descr, r.NAME role_name, r.DESCRIPTION role_descr,
p.NAME policy_name, p.DESCRIPTION policy_descr, p.POLICY_TEXT FROM
X_GROUP g,
X_ROLE r,
X_ROLE_REF_GROUP rg,
X_POLICY_REF_ROLE rp,
X_POLICY p
WHERE rg.GROUP_ID = g.ID
AND rg.ROLE_ID = r.ID
AND rp.ROLE_ID = r.ID
AND rp.POLICY_ID = p.ID
AND r.NAME like '%grant%'

 

Regards,
Gurunath

Re: How to Manage Users and Security Policies via Ranger API.

avatar
author-rank DianaTorres author-rank
Community Manager

Created on ‎10-10-2022 10:50 AM

@urunath As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks

Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements
Version history
Last update:
‎08-17-2019 01:53 PM
Updated by:
Explorer
Contributors