Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to grant user access to create tag based policies in ranger?

avatar
author-rank RajeshReddy
Explorer

Created ‎03-10-2022 08:48 AM

Hi,

 

I want to grant a set of users access to add tag based policies in ranger. I have adde the users to data steward role which grants ranger/atlas admin access but still they get a access denied when create a tag based access policy. Creating resource based policies is working for them.

 

Ideally we want to grant them permissions to add tag based policies.

 

We use CDP public cloud 7.2.12 in AWS.

 

Any pointers are welcome. Thanks.

2,425 Views
0 Kudos
2 ACCEPTED SOLUTIONS

avatar
author-rank RajeshReddy
Explorer

Created ‎03-14-2022 08:43 AM

Granting data steward role has fixed the issue. May be it was just a sync issue. However our requirement is to grant access to only tag based policies and not on resource based policies.

View solution in original post

2,347 Views
0 Kudos

avatar
author-rank Azhar_Shaikh author-rank
Master Collaborator

Created ‎03-14-2022 08:49 AM

@RajeshReddy 

 

for tag based policies you can refer to https://docs.cloudera.com/runtime/7.2.10/security-ranger-authorization/topics/security-ranger-tag-ba...

 

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

2,346 Views
0 Kudos
6 REPLIES 6

avatar
author-rank VR46 author-rank
Guru

Created ‎03-10-2022 11:08 PM

Hello @RajeshReddy ,

DataSteward role would usually grant “environments/adminRanger” permission which makes user Ranger and Atlas admin. This would suffice to create a tag based policy. Can we get more info on the error you are getting? Any screenshot or error messages would help us greatly to help you further.

Thanks.

2,399 Views
0 Kudos

avatar
author-rank RajeshReddy
Explorer

Created ‎03-11-2022 01:03 AM

@VR46 Below is the error. The requirement is to grant the user access to only create tag based policies and deny creating resource based policies. But the result is opposite right now. Cant see any exception in ranger logs.

 

ranger-tag.PNG

2,391 Views
0 Kudos

avatar
author-rank RajeshReddy
Explorer

Created ‎03-14-2022 08:43 AM

Granting data steward role has fixed the issue. May be it was just a sync issue. However our requirement is to grant access to only tag based policies and not on resource based policies.

2,348 Views
0 Kudos

avatar
author-rank Azhar_Shaikh author-rank
Master Collaborator

Created ‎03-13-2022 12:50 AM

@RajeshReddy 

 

Can you please give a try with changing the role to "environment admin"?

2,368 Views
0 Kudos

avatar
author-rank RajeshReddy
Explorer

Created ‎03-14-2022 08:42 AM

This is not what we want to do.

2,347 Views
0 Kudos

avatar
author-rank Azhar_Shaikh author-rank
Master Collaborator

Created ‎03-14-2022 08:49 AM

@RajeshReddy 

 

for tag based policies you can refer to https://docs.cloudera.com/runtime/7.2.10/security-ranger-authorization/topics/security-ranger-tag-ba...

 

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

2,347 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements