Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to create many ranger policies and add users to them ?

Labels:
avatar
author-rank SK1
Guru

Created ‎09-19-2017 12:58 PM

We have requirement where we have to create more that 1000+ policies, so what is the easiest way to create these?

Also how to add users to each policies ?

5,809 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank anarasimham author-rank
Super Collaborator

Created ‎09-19-2017 01:31 PM

The Ranger REST API is best to programmatically create users and policies.

Here's how to create users, from an article on this site:
https://community.hortonworks.com/content/supportkb/49439/how-to-use-api-curl-commands-to-create-int...

Here's how to use the Ranger REST API to create policies:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

Please note the sections on Creating, Updating, Deleting policies.

To create for example, send a POST request to the following endpoint with the following body. This example is pulled from the link above.

POST /service/public/api/policy

{
  "policyName": "HomePolicy",
  "resourceName": "\/home,\/apps",
  "description": "Home",
  "repositoryName": "hadoopdev",
  "repositoryType": "hdfs",
  "isEnabled": "true",
  "isRecursive": false,
  "isAuditEnabled": true,
  "permMapList": [
    {
      "userList": [
        "john",
        "andrew"
      ],
      "permList": [
        "SELECT",
        "UPDATE"
      ]
    },
    {
      "userList": [
        "hr"
      ],
      "groupList": [
        "admin"
      ],
      "permList": [
        "DROP",
        "ALTER",
        "ADMIN"
      ]
    }
  ]
}

View solution in original post

4,795 Views
7 REPLIES 7

avatar
author-rank anarasimham author-rank
Super Collaborator

Created ‎09-19-2017 01:31 PM

The Ranger REST API is best to programmatically create users and policies.

Here's how to create users, from an article on this site:
https://community.hortonworks.com/content/supportkb/49439/how-to-use-api-curl-commands-to-create-int...

Here's how to use the Ranger REST API to create policies:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

Please note the sections on Creating, Updating, Deleting policies.

To create for example, send a POST request to the following endpoint with the following body. This example is pulled from the link above.

POST /service/public/api/policy

{
  "policyName": "HomePolicy",
  "resourceName": "\/home,\/apps",
  "description": "Home",
  "repositoryName": "hadoopdev",
  "repositoryType": "hdfs",
  "isEnabled": "true",
  "isRecursive": false,
  "isAuditEnabled": true,
  "permMapList": [
    {
      "userList": [
        "john",
        "andrew"
      ],
      "permList": [
        "SELECT",
        "UPDATE"
      ]
    },
    {
      "userList": [
        "hr"
      ],
      "groupList": [
        "admin"
      ],
      "permList": [
        "DROP",
        "ALTER",
        "ADMIN"
      ]
    }
  ]
}
4,796 Views

avatar
author-rank SK1
Guru

Created ‎09-19-2017 01:42 PM

@anarasimham: Thanks for your quick response. can you help me to get how to add many users to a specific policy or one user to many policy ?

4,795 Views
0 Kudos

avatar
author-rank anarasimham author-rank
Super Collaborator

Created ‎09-19-2017 06:44 PM

Yes, you can add users to policies either through a CREATE or UPDATE as the second article above outlines. There is a parameter called 'userList' and you will be able to specify any number of users you'd like. To add one user to many policies, you will have to go one by one and add the user to each of the target policies.

Please refer to this link from above:

https://cwiki.apache.org/confluence/display/RANGER/REST+APIs+for+Policy+Management

4,795 Views
0 Kudos

avatar
author-rank SK1
Guru

Created ‎09-22-2017 12:55 PM

thanks @anarasimham.

4,795 Views
0 Kudos

avatar
author-rank srinivasp
Contributor

Created ‎07-05-2021 04:58 AM

Hi,

I have a requirement like, i need to create hive policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili

3,487 Views
0 Kudos

avatar
author-rank akulkarni1 author-rank
Contributor

Created ‎09-20-2017 06:18 PM

Please use the following doc link. It documents the latest set of REST APIs supported by Ranger for policy management.

Thanks!

https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...

,
4,795 Views
0 Kudos

avatar
author-rank shashant_panwar
Rising Star

Created ‎09-25-2017 06:31 PM

@Saurabh: Why you want to create 1000+ policies? Can you try grouping the requirements and reduce the policies? Eg: achieve them via making user groups or DB level policies with different user permission set. Ranger API is def a solution for this but I would suggest to revisit the requirement and rule out as many duplicates as you can.

Just a suggestion, not saying your requirement is invalid!!!

4,795 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements