Created 03-04-2016 02:45 AM
How do I create a child policy using delegated admin policy?
Ranger Guide on Delegated Admin - When a policy is assigned to a user or a group of users, those users become the delegated admin. The delegated admin can update and delete the policies. It can also create child policies based on the original policy (base policy).
I have viewed the following and the instructions were not clear:
https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5+-+User+Guide
http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_Ranger_User_Guide
Created 03-04-2016 04:35 PM
Created 03-04-2016 10:59 PM
Here is an example using a Hive db: Log in as Ranger admin and create a new policy giving user1 all permissions to a database called hivedb1, all tables, all columns. Check "Delegate admin" for user1 and save the policy. Now, log in to Ranger as user1, and click the Hive repo. The just-created policy on hivedb1 will be listed there. Now you can create child policies based on hivedb1, for example you can create a policy giving permissions to user2 only to some tables of hivedb1 and their columns, and user3 to some other tables and columns. So, user1 fully controls (is a delegated admin of) hivedb1. user1 can also modify the base policy, for example by adding user4 and giving him select-only permission to hivedb1. I tried this in HDP-2.3.4, there might be some differences in older versions.
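The base and child policies from the answer above, written out as data with an audit helper that lists who holds delegated admin (an added example, not part of the original thread and not Ranger's own code). The dicts follow the shape of Ranger's policy JSON (`resources`, `policyItems`, `delegateAdmin`); the service name `hive_repo`, the table names, and the `within_scope` helper are assumptions, and the scope check is a simplified wildcard match rather than Ranger's resource matcher.

```python
from fnmatch import fnmatchcase

def item(users, accesses, delegate_admin=False):
    """One policyItem; delegateAdmin mirrors the "Delegate admin" checkbox."""
    return {"users": users, "groups": [], "delegateAdmin": delegate_admin,
            "accesses": [{"type": a, "isAllowed": True} for a in accesses]}

def hive_policy(name, dbs, tables, columns, items, service="hive_repo"):
    """Policy dict shaped like Ranger policy JSON; service name is constructed."""
    res = {k: {"values": v, "isExcludes": False, "isRecursive": False}
           for k, v in (("database", dbs), ("table", tables), ("column", columns))}
    return {"service": service, "name": name, "isEnabled": True,
            "resources": res, "policyItems": items}

def delegated_admins(policies):
    """Audit helper: user -> names of policies where they are delegated admin."""
    found = {}
    for policy in policies:
        for it in policy["policyItems"]:
            if it.get("delegateAdmin"):
                for user in it["users"]:
                    found.setdefault(user, []).append(policy["name"])
    return found

def within_scope(child, base):
    """Simplified check (not Ranger's matcher): each child resource value
    must match a wildcard pattern of the same resource in the base policy."""
    for key, spec in base["resources"].items():
        values = child["resources"].get(key, {}).get("values", [])
        if not values or not all(
                any(fnmatchcase(v, pat) for pat in spec["values"]) for v in values):
            return False
    return True

# Constructed sample data following the answer: user1 is delegated admin of hivedb1.
BASE = hive_policy("hivedb1-base", ["hivedb1"], ["*"], ["*"],
                   [item(["user1"], ["all"], delegate_admin=True)])
# Child policy user1 could create: user2 gets select on two (hypothetical) tables.
CHILD = hive_policy("hivedb1-user2", ["hivedb1"], ["orders", "customers"], ["*"],
                    [item(["user2"], ["select"])])
# A policy on a different database is outside what the base policy delegates.
OUTSIDE = hive_policy("hivedb2-user3", ["hivedb2"], ["*"], ["*"],
                      [item(["user3"], ["select"])])

if __name__ == "__main__":
    print(delegated_admins([BASE, CHILD, OUTSIDE]))
    print(within_scope(CHILD, BASE), within_scope(OUTSIDE, BASE))
```

Running `delegated_admins` over an export of all policies in a service gives a quick review list of every user who can create or change policies without being a Ranger admin.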
Created 03-05-2016 03:56 PM