Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Additional ranger Keyadmins

Labels:
avatar
author-rank sajesh_purayil
Contributor

Created ‎12-10-2018 07:40 AM

We are managing the Ranger KMS using kayadmin user.

I can add users and assign admin role from ranger admin console. But could not find user management option after login to keyadmin user profile.

How can I create new users and add them as keyadmin for managing keys ?

Thanks,

Sajesh

3,454 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-10-2018 05:16 PM

Hi @Sajesh PP,

To create KMS admins, do the following:
1. Since only admin role can create users, first login to Ranger UI as an admin.
2. Create multiple new users from Ranger webUI and keep these users as ADMIN role
3. Go to Settings -> Permissions -> Edit 'Key Manager' permission & add newly created user to 'Key Manager' module -> Save & Logout
4. Login as new user and you can use 'Encryption' tab for creating and managing the keys.

Hope this helps!

Please login and accept the answer if you find this answer helpful. Thanks

View solution in original post

3,327 Views
0
4 REPLIES 4

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-10-2018 05:16 PM

Hi @Sajesh PP,

To create KMS admins, do the following:
1. Since only admin role can create users, first login to Ranger UI as an admin.
2. Create multiple new users from Ranger webUI and keep these users as ADMIN role
3. Go to Settings -> Permissions -> Edit 'Key Manager' permission & add newly created user to 'Key Manager' module -> Save & Logout
4. Login as new user and you can use 'Encryption' tab for creating and managing the keys.

Hope this helps!

Please login and accept the answer if you find this answer helpful. Thanks

3,328 Views
0

avatar
author-rank sajesh_purayil
Contributor

Created ‎12-11-2018 06:26 AM

I had followed the above steps.

After login to new user account i can go to Encryption tab.But when I select my Service name from "Select service" option it says "User:<user> not allowed to do 'GET_KEYS" and i cannot see any of my keys listed

3,327 Views
0 Kudos

avatar
author-rank sampathkumar_ma
Expert Contributor

Created on ‎12-11-2018 10:58 AM - edited ‎08-17-2019 04:00 PM

Hi @Sajesh PP,

Could you please try to add new user to KMS policy and grant the permissions.

Login as keyadmin -> Access Manager -> Click the KMS service -> Edit "all-keyname" policy -> add newly created user in select user section.95390-ranger-kms-get-keys.png

Hope this helps!!

Please login and accept the answer if you find this answer helpful. Thanks

3,327 Views
0 Kudos

avatar
author-rank sampathkumar_ma
Expert Contributor

Created ‎12-13-2018 10:29 AM

@Sajesh PP Are you able to list the keys using above method?If so, please login and accept the answer.

3,327 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements