Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

LDAP User does not get full admin priviledges in Ranger

Highlighted

LDAP User does not get full admin priviledges in Ranger

Contributor

I'm using setup as follows:

1. My Ranger is authenticated using knox via LDAP

2. Ranger is synced with LDAP - I can see users and groups in Ranger

3. Additionally I added a group (even tried with user) from LDAP and mapped with each permission in Ranger Permissions screen (by first disabling knox authentication, using admin user to login to Ranger GUI and then again enabling it).

However when I log in using an LDAP user who is mapped with all Ranger permissions; ranger still does not allow full rights to user (e.g. + icon for creating a repository is missing). Also this user does not see policies created by ranger user 'admin'

Since the access to ranger user named 'admin' is not available when I configure Ranger to do sso authentication with knox; I have no way to do administrative tasks in ranger, since none of the LDAP users (authenticated to ranger admin via knox-ldap) will have permission equivalant to ranger's internal user named 'admin'.

How can I configure Ranger to allow one group/user from LDAP to act as Ranger Admin's admin?

2 REPLIES 2
Highlighted

Re: LDAP User does not get full admin priviledges in Ranger

Expert Contributor
@Prashant Chaudhari

Can you look at this JIRA https://issues.apache.org/jira/browse/RANGER-1491? Which version of Range are you using?

Highlighted

Re: LDAP User does not get full admin priviledges in Ranger

Contributor

@spolavarapu Thanks for your response.

I tried this in Ranger version 0.7.1 (Apache) as well as in HDP2.6.1. I will try it on HDP2.6.3 (having Ranger 0.8 I think).

Don't have an account?
Coming from Hortonworks? Activate your account here