When Apache Ranger can sync users and groups directly from AD/LDAP/OS, then why it is necessary for any custom service to do: rangerRequest.setUserGroups() in the authorization request for isAccessAllowed() sent to Ranger. Why just the username along with resource details is not sufficient. Ranger can internally lookup the group info since it is already syncing with AD/LDAP.
I am trying to integrate authorization of my custom service with Apache Ranger. My service authenticates the user via JWT token. For authorization, I can extract the user name from token but to get the group information I have to query AD/LDAP/OS Can I use Ranger REST APIs for extracting the group information here?