
Additional Ranger Keyadmins

We are managing the Ranger KMS using the keyadmin user.

I can add users and assign the admin role from the Ranger admin console. But I could not find a user management option after logging in to the keyadmin user profile.

How can I create new users and add them as keyadmin for managing keys?

Thanks,

Sajesh

Accepted Solutions

Expert Contributor

Hi @Sajesh PP,

To create KMS admins, do the following:
1. Since only the admin role can create users, first log in to the Ranger UI as an admin.
2. Create multiple new users from the Ranger web UI and keep these users in the ADMIN role.
3. Go to Settings -> Permissions -> Edit the 'Key Manager' permission & add the newly created user to the 'Key Manager' module -> Save & Logout.
4. Log in as the new user and you can use the 'Encryption' tab for creating and managing the keys.

Hope this helps!

Please log in and accept the answer if you find this answer helpful. Thanks

I had followed the above steps.

After logging in to the new user account I can go to the Encryption tab. But when I select my service name from the "Select service" option it says "User:<user> not allowed to do 'GET_KEYS'" and I cannot see any of my keys listed.

Expert Contributor

Hi @Sajesh PP,

Could you please try to add the new user to the KMS policy and grant the permissions?

Log in as keyadmin -> Access Manager -> Click the KMS service -> Edit the "all-keyname" policy -> add the newly created user in the select user section.

Hope this helps!!

Please log in and accept the answer if you find this answer helpful. Thanks
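
The policy edit described above can be checked offline against an exported copy of the policy. The following is an added example, not part of the original thread or of Ranger's own code: it explains a `GET_KEYS` denial from the policy JSON and builds a narrower grant than adding the user to the full-access item. The service name `example_kms`, the user `newkeyadmin`, the sample policy and the operation-to-access-type mapping are assumptions.

```python
import copy

# Access types of Ranger's KMS service definition (assumed from the stock servicedef).
KMS_ACCESS_TYPES = {"create", "delete", "rollover", "setkeymaterial", "get",
                    "getkeys", "getmetadata", "generateeek", "decrypteek"}

# Constructed sample in the shape of an exported Ranger policy; names are placeholders.
SAMPLE_POLICY = {
    "service": "example_kms",
    "name": "all-keyname",
    "resources": {"keyname": {"values": ["*"]}},
    "policyItems": [{
        "users": ["keyadmin"], "groups": [], "delegateAdmin": True,
        "accesses": [{"type": t, "isAllowed": True} for t in sorted(KMS_ACCESS_TYPES)],
    }],
}

def allowed_accesses(policy, user):
    """Access types granted to `user` by name (groups and deny items are not evaluated)."""
    granted = set()
    for item in policy.get("policyItems", []):
        if user in item.get("users", []):
            granted |= {a["type"] for a in item.get("accesses", []) if a.get("isAllowed")}
    return granted

def is_allowed(policy, user, operation):
    """Map an operation name from the error text (e.g. GET_KEYS) to its access type."""
    access = operation.replace("_", "").lower()  # assumed mapping: GET_KEYS -> getkeys
    if access not in KMS_ACCESS_TYPES:
        raise ValueError(f"unknown KMS operation: {operation}")
    return access in allowed_accesses(policy, user)

def grant(policy, user, accesses):
    """Return a copy of `policy` with a separate allow item for `user`, no delegateAdmin."""
    unknown = set(accesses) - KMS_ACCESS_TYPES
    if unknown:
        raise ValueError(f"unknown access types: {sorted(unknown)}")
    updated = copy.deepcopy(policy)
    updated["policyItems"].append({
        "users": [user], "groups": [], "delegateAdmin": False,
        "accesses": [{"type": t, "isAllowed": True} for t in sorted(accesses)],
    })
    return updated

if __name__ == "__main__":
    print(is_allowed(SAMPLE_POLICY, "newkeyadmin", "GET_KEYS"))  # denied before the edit
    fixed = grant(SAMPLE_POLICY, "newkeyadmin", {"getkeys", "getmetadata"})
    print(sorted(allowed_accesses(fixed, "newkeyadmin")))
```

The check only looks at users named directly in allow items, so a user who gets access through a group or another policy will still show as denied here.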

Expert Contributor

@Sajesh PP Are you able to list the keys using the above method? If so, please log in and accept the answer.