Support Questions

Find answers, ask questions, and share your expertise

HDP 2.4.3. Atlas tag created through API, can Ranger know the same?

avatar
Rising Star

HDP 2.4.3 - Ranger 0.5.2 and Atlas 0.5

Atlas UI does not provide a way to create a tag through UI. But, I understand that we can create a tag using the API provided by Atlas. Now, can Ranger 0.5.2 get/know about this tag information that was created in Atlas?

1 ACCEPTED SOLUTION

avatar
Master Mentor
@Mohana Murali Gurunathan

Ranger tag based policies are not available with Ranger 0.5. It is a feature added with Ranger 0.6 https://cwiki.apache.org/confluence/display/RANGER/0.6+Release+-+Apache+Ranger

https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies

HDP 2.5 is the first release to include both Atlas and Ranger and includes ranger tagsync service that is basically the mechanism you're asking for.

View solution in original post

5 REPLIES 5

avatar

@Mohana Murali Gurunathan

I'm assuming you want this for Tag-Based Policies.

Tag-Based Policies and Atlas-Ranger integration are not available with Atlas 0.5. They are only available with HDP 2.5+, which contains Atlas 0.7.

avatar
Rising Star

@Eyad Garelnabi, thanks for your response.

avatar
Master Mentor
@Mohana Murali Gurunathan

Ranger tag based policies are not available with Ranger 0.5. It is a feature added with Ranger 0.6 https://cwiki.apache.org/confluence/display/RANGER/0.6+Release+-+Apache+Ranger

https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies

HDP 2.5 is the first release to include both Atlas and Ranger and includes ranger tagsync service that is basically the mechanism you're asking for.

avatar
Rising Star

@Artem Ervits, thanks for your pointed replies giving a lot of clarity. Yes, I do understand this. But, I now need to find a way. There are certain clusters which are HDP 2.4 (for some specific reasons) and so this means that we cannot have data governance through the easier tag based policy approach. Still can do things with Ranger, but it has to be done per service basis. What I like with the tags is that it cuts across the services (hdfs, hive,.....). Even new data that enters can be classified to have the same tag and all the rules of access get automatically inherited.

avatar
Master Mentor

@Mohana Murali Gurunathan I am not aware of any plans to backport this feature into 2.4 branch. We're deprecating 2.2 and 2.3 branches with the release of HDP 2.5.3. You will have to make a tough choice and upgrade at some point. Instead of going the unbeaten path, it's a safer bet to upgrade to 2.5.x and reap the benefits of these features. Otherwise, my guess would be to look at Ranger REST API and see if you can inject tags into current Ranger policies. https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Service+Definition,+Service+and+Pol...