Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to create many ranger policies and add users to them ?

Solved Go to solution

How to create many ranger policies and add users to them ?

Guru

We have requirement where we have to create more that 1000+ policies, so what is the easiest way to create these?

Also how to add users to each policies ?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to create many ranger policies and add users to them ?

Expert Contributor

The Ranger REST API is best to programmatically create users and policies.

Here's how to create users, from an article on this site:
https://community.hortonworks.com/content/supportkb/49439/how-to-use-api-curl-commands-to-create-int...

Here's how to use the Ranger REST API to create policies:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

Please note the sections on Creating, Updating, Deleting policies.

To create for example, send a POST request to the following endpoint with the following body. This example is pulled from the link above.

POST /service/public/api/policy

{
  "policyName": "HomePolicy",
  "resourceName": "\/home,\/apps",
  "description": "Home",
  "repositoryName": "hadoopdev",
  "repositoryType": "hdfs",
  "isEnabled": "true",
  "isRecursive": false,
  "isAuditEnabled": true,
  "permMapList": [
    {
      "userList": [
        "john",
        "andrew"
      ],
      "permList": [
        "SELECT",
        "UPDATE"
      ]
    },
    {
      "userList": [
        "hr"
      ],
      "groupList": [
        "admin"
      ],
      "permList": [
        "DROP",
        "ALTER",
        "ADMIN"
      ]
    }
  ]
}
6 REPLIES 6

Re: How to create many ranger policies and add users to them ?

Expert Contributor

The Ranger REST API is best to programmatically create users and policies.

Here's how to create users, from an article on this site:
https://community.hortonworks.com/content/supportkb/49439/how-to-use-api-curl-commands-to-create-int...

Here's how to use the Ranger REST API to create policies:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

Please note the sections on Creating, Updating, Deleting policies.

To create for example, send a POST request to the following endpoint with the following body. This example is pulled from the link above.

POST /service/public/api/policy

{
  "policyName": "HomePolicy",
  "resourceName": "\/home,\/apps",
  "description": "Home",
  "repositoryName": "hadoopdev",
  "repositoryType": "hdfs",
  "isEnabled": "true",
  "isRecursive": false,
  "isAuditEnabled": true,
  "permMapList": [
    {
      "userList": [
        "john",
        "andrew"
      ],
      "permList": [
        "SELECT",
        "UPDATE"
      ]
    },
    {
      "userList": [
        "hr"
      ],
      "groupList": [
        "admin"
      ],
      "permList": [
        "DROP",
        "ALTER",
        "ADMIN"
      ]
    }
  ]
}

Re: How to create many ranger policies and add users to them ?

Guru

@anarasimham: Thanks for your quick response. can you help me to get how to add many users to a specific policy or one user to many policy ?

Re: How to create many ranger policies and add users to them ?

Expert Contributor

Yes, you can add users to policies either through a CREATE or UPDATE as the second article above outlines. There is a parameter called 'userList' and you will be able to specify any number of users you'd like. To add one user to many policies, you will have to go one by one and add the user to each of the target policies.

Please refer to this link from above:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

Re: How to create many ranger policies and add users to them ?

Guru

thanks @anarasimham.

Re: How to create many ranger policies and add users to them ?

New Contributor

Please use the following doc link. It documents the latest set of REST APIs supported by Ranger for policy management.

Thanks!

https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...

,

Re: How to create many ranger policies and add users to them ?

Rising Star

@Saurabh: Why you want to create 1000+ policies? Can you try grouping the requirements and reduce the policies? Eg: achieve them via making user groups or DB level policies with different user permission set. Ranger API is def a solution for this but I would suggest to revisit the requirement and rule out as many duplicates as you can.

Just a suggestion, not saying your requirement is invalid!!!