Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

About "Delegate Admin" in Ranger

Labels:
avatar
author-rank pminovic author-rank
Master Guru

Created ‎02-18-2016 01:06 AM

About "Delegate admin" Ranger user guide says: When a policy is assigned to a user or a group of users those users become the delegated admin.The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy). What exactly can be done? I'm assuming the delegated admin can only further reduce given permissions. Do we have any examples updating the policy and creating child policies.

8,547 Views
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 03:59 AM

@Predrag Minovic

See this...In my case , I have a user called demouser and I have created a policy called policy1 and its delegated policy. When I login with user demouser in ranger then I can see policy1 but when I remove delegated option from policy1 then demouser cant see it.

You can see the demo here

View solution in original post

5,696 Views
8 REPLIES 8

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 03:59 AM

@Predrag Minovic

See this...In my case , I have a user called demouser and I have created a policy called policy1 and its delegated policy. When I login with user demouser in ranger then I can see policy1 but when I remove delegated option from policy1 then demouser cant see it.

You can see the demo here

5,697 Views

avatar
author-rank nsabharwal
Master Mentor

Created on ‎02-18-2016 04:08 AM - edited ‎08-18-2019 06:24 AM

@Predrag Minovic It can do whatever the permissions you give to do. demouser can login and delegate other users

admin

2234-screen-shot-2016-02-17-at-110655-pm.png

demouser

2236-screen-shot-2016-02-17-at-110635-pm.png

5,696 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎02-18-2016 04:13 AM

Thanks @Neeraj Sabharwal, that's cool! And per specs. What else can the demouser do as the delegated admin, can he add more paths? And how about child policies, can you try to create one? Tnx.

5,696 Views

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-18-2016 11:02 AM

@Predrag Minovic

demouser cannot add new policy for new paths but can add more paths under the main path.

5,696 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎02-19-2016 11:45 AM

@Predrag Minovic Help me to close the thread by accepting the best answer if answer was helpful.

5,696 Views
0 Kudos

avatar
author-rank garunkumar85
Expert Contributor

Created ‎04-03-2016 02:17 AM

@neeraj sabharwal

am not able to access demo video 😞

5,696 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎04-03-2016 06:05 AM

There is no video, it's an animated gif, located here http://i.giphy.com/l4Ki1Ng3uxdTnUTra.gif

5,696 Views
0 Kudos

avatar
author-rank inderjeet26
New Contributor

Created ‎05-25-2018 06:16 PM

Hello, From what version of Ranger this delegate admin feature is supported? This is a cool feature for multi-level provisioning powers

5,696 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements