How to grant user access to create tag based policies in ranger?

Explorer

Hi,

I want to grant a set of users access to add tag based policies in Ranger. I have added the users to the data steward role, which grants Ranger/Atlas admin access, but they still get an access denied when creating a tag based access policy. Creating resource based policies is working for them.

Ideally we want to grant them permissions to add tag based policies.

We use CDP public cloud 7.2.12 in AWS.

Any pointers are welcome. Thanks.

Guru

Hello @RajeshReddy ,

The DataSteward role would usually grant the “environments/adminRanger” permission, which makes the user a Ranger and Atlas admin. This would suffice to create a tag based policy. Can we get more info on the error you are getting? Any screenshot or error messages would help us greatly to help you further.

Thanks.

Explorer

@VR46 Below is the error. The requirement is to grant the user access to only create tag based policies and deny creating resource based policies. But the result is the opposite right now. Can't see any exception in the Ranger logs.

ranger-tag.PNG

Master Collaborator

@RajeshReddy

Can you please give it a try by changing the role to "environment admin"?

Explorer

This is not what we want to do.
