Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Integration a custom component with Ranger why rangerRequest.setUserGroups() is required?

Highlighted

Integration a custom component with Ranger why rangerRequest.setUserGroups() is required?

New Contributor

When Apache Ranger can sync users and groups directly from AD/LDAP/OS, then why it is necessary for any custom service to do: rangerRequest.setUserGroups() in the authorization request for isAccessAllowed() sent to Ranger. Why just the username along with resource details is not sufficient. Ranger can internally lookup the group info since it is already syncing with AD/LDAP.

Context:

I am trying to integrate authorization of my custom service with Apache Ranger. My service authenticates the user via JWT token. For authorization, I can extract the user name from token but to get the group information I have to query AD/LDAP/OS Can I use Ranger REST APIs for extracting the group information here?

Don't have an account?
Coming from Hortonworks? Activate your account here