Support Questions
Find answers, ask questions, and share your expertise

How to grant user access to create tag based policies in ranger?

New Contributor

Hi,

 

I want to grant a set of users access to add tag based policies in ranger. I have adde the users to data steward role which grants ranger/atlas admin access but still they get a access denied when create a tag based access policy. Creating resource based policies is working for them.

 

Ideally we want to grant them permissions to add tag based policies.

 

We use CDP public cloud 7.2.12 in AWS.

 

Any pointers are welcome. Thanks.

2 ACCEPTED SOLUTIONS

New Contributor

Granting data steward role has fixed the issue. May be it was just a sync issue. However our requirement is to grant access to only tag based policies and not on resource based policies.

View solution in original post

Contributor

@RajeshReddy 

 

for tag based policies you can refer to https://docs.cloudera.com/runtime/7.2.10/security-ranger-authorization/topics/security-ranger-tag-ba...

 

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

6 REPLIES 6

Guru

Hello @RajeshReddy ,

DataSteward role would usually grant “environments/adminRanger” permission which makes user Ranger and Atlas admin. This would suffice to create a tag based policy. Can we get more info on the error you are getting? Any screenshot or error messages would help us greatly to help you further.

Thanks.

New Contributor

@VR46 Below is the error. The requirement is to grant the user access to only create tag based policies and deny creating resource based policies. But the result is opposite right now. Cant see any exception in ranger logs.

 

ranger-tag.PNG

New Contributor

Granting data steward role has fixed the issue. May be it was just a sync issue. However our requirement is to grant access to only tag based policies and not on resource based policies.

Contributor

@RajeshReddy 

 

Can you please give a try with changing the role to "environment admin"?

New Contributor

This is not what we want to do.

Contributor

@RajeshReddy 

 

for tag based policies you can refer to https://docs.cloudera.com/runtime/7.2.10/security-ranger-authorization/topics/security-ranger-tag-ba...

 

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

; ;