Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

About "Delegate Admin" in Ranger

Labels:
avatar
author-rank pminovic author-rank
Master Guru

Created ‎02-18-2016 01:06 AM

About "Delegate admin" Ranger user guide says: When a policy is assigned to a user or a group of users those users become the delegated admin.The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy). What exactly can be done? I'm assuming the delegated admin can only further reduce given permissions. Do we have any examples updating the policy and creating child policies.

7,636 Views
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 03:59 AM

@Predrag Minovic

See this...In my case , I have a user called demouser and I have created a policy called policy1 and its delegated policy. When I login with user demouser in ranger then I can see policy1 but when I remove delegated option from policy1 then demouser cant see it.

You can see the demo here

View solution in original post

4,785 Views
8 REPLIES 8

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 03:59 AM

@Predrag Minovic

See this...In my case , I have a user called demouser and I have created a policy called policy1 and its delegated policy. When I login with user demouser in ranger then I can see policy1 but when I remove delegated option from policy1 then demouser cant see it.

You can see the demo here

4,786 Views

avatar
author-rank nsabharwal
Master Mentor

Created on ‎02-18-2016 04:08 AM - edited ‎08-18-2019 06:24 AM

@Predrag Minovic It can do whatever the permissions you give to do. demouser can login and delegate other users

admin

2234-screen-shot-2016-02-17-at-110655-pm.png

demouser

2236-screen-shot-2016-02-17-at-110635-pm.png

4,785 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎02-18-2016 04:13 AM

Thanks @Neeraj Sabharwal, that's cool! And per specs. What else can the demouser do as the delegated admin, can he add more paths? And how about child policies, can you try to create one? Tnx.

4,785 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 11:02 AM

@Predrag Minovic

demouser cannot add new policy for new paths but can add more paths under the main path.

4,785 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-19-2016 11:45 AM

@Predrag Minovic Help me to close the thread by accepting the best answer if answer was helpful.

4,785 Views
0 Kudos

avatar
author-rank garunkumar85
Expert Contributor

Created ‎04-03-2016 02:17 AM

@neeraj sabharwal

am not able to access demo video 😞

4,785 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎04-03-2016 06:05 AM

There is no video, it's an animated gif, located here http://i.giphy.com/l4Ki1Ng3uxdTnUTra.gif

4,785 Views
0 Kudos

avatar
author-rank inderjeet26
New Contributor

Created ‎05-25-2018 06:16 PM

Hello, From what version of Ranger this delegate admin feature is supported? This is a cool feature for multi-level provisioning powers

4,785 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner