Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Additional ranger Keyadmins

Labels:
avatar
author-rank sajesh_purayil
Contributor

Created ‎12-10-2018 07:40 AM

We are managing the Ranger KMS using kayadmin user.

I can add users and assign admin role from ranger admin console. But could not find user management option after login to keyadmin user profile.

How can I create new users and add them as keyadmin for managing keys ?

Thanks,

Sajesh

3,116 Views
1 ACCEPTED SOLUTION

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-10-2018 05:16 PM

Hi @Sajesh PP,

To create KMS admins, do the following:
1. Since only admin role can create users, first login to Ranger UI as an admin.
2. Create multiple new users from Ranger webUI and keep these users as ADMIN role
3. Go to Settings -> Permissions -> Edit 'Key Manager' permission & add newly created user to 'Key Manager' module -> Save & Logout
4. Login as new user and you can use 'Encryption' tab for creating and managing the keys.

Hope this helps!

Please login and accept the answer if you find this answer helpful. Thanks

View solution in original post

2,989 Views
4 REPLIES 4

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-10-2018 05:16 PM

Hi @Sajesh PP,

To create KMS admins, do the following:
1. Since only admin role can create users, first login to Ranger UI as an admin.
2. Create multiple new users from Ranger webUI and keep these users as ADMIN role
3. Go to Settings -> Permissions -> Edit 'Key Manager' permission & add newly created user to 'Key Manager' module -> Save & Logout
4. Login as new user and you can use 'Encryption' tab for creating and managing the keys.

Hope this helps!

Please login and accept the answer if you find this answer helpful. Thanks

2,990 Views

avatar
author-rank sajesh_purayil
Contributor

Created ‎12-11-2018 06:26 AM

I had followed the above steps.

After login to new user account i can go to Encryption tab.But when I select my Service name from "Select service" option it says "User:<user> not allowed to do 'GET_KEYS" and i cannot see any of my keys listed

2,989 Views
0 Kudos

avatar
author-rank sampathkumar_ma
Expert Contributor

Created on ‎12-11-2018 10:58 AM - edited ‎08-17-2019 04:00 PM

Hi @Sajesh PP,

Could you please try to add new user to KMS policy and grant the permissions.

Login as keyadmin -> Access Manager -> Click the KMS service -> Edit "all-keyname" policy -> add newly created user in select user section.95390-ranger-kms-get-keys.png

Hope this helps!!

Please login and accept the answer if you find this answer helpful. Thanks

2,989 Views
0 Kudos

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-13-2018 10:29 AM

@Sajesh PP Are you able to list the keys using above method?If so, please login and accept the answer.

2,989 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements