Support Questions
Find answers, ask questions, and share your expertise

Ranger adding an external user to an external group

Ranger adding an external user to an external group

New Contributor

Hello,

 

We need to add an external user to an external group, but I couldn't manage to do this. I've tried UI and also tried to do via Ranger REST API but no luck. 

 

Unfortunately, we cannot use the LDAP user sync feature; thus, we need to manage our users ourselves.

 

I've also navigated through the Ranger codebase as well but couldn't find it. 

1 REPLY 1
Highlighted

Re: Ranger adding an external user to an external group

Cloudera Employee

@ferdem 

 

If I understand correctly, you want to modify the group membership of the user, correct me if I am wrong 

Try following api call:-

curl -ivk -u admin:admin -H "Content-Type: application/json" -d '{"id":13,"createDate":"2020-12-23T07:55:04Z","updateDate":"2020-12-23T07:55:04Z","owner":"rangerusersync","updatedBy":"rangerusersync","name":"atlas","password":"*****","description":"atlas - add from Unix box","groupIdList":[6,59,4,131,133],"groupNameList":["atlas","hadoop","shadow"],"status":0,"isVisible":1,"userSource":1,"userRoleList":["ROLE_USER"],"otherAttributes":"{\"full_name\":\"atlas\",\"original_name\":\"atlas\"}"}'  -X PUT https://RANGER_HOST:6182/service/xusers/users

Its little bit big but if user is already added to ranger then run following api to get the id information for users:-

curl -ivk -u admin:admin -H "Accept : application/json" -X GET https://RANGER_HOST:6182/service/xusers/users

Once you have IDS for all users, you can run following crul api to get the json formatted data which you use to modify and then use PUT method in first API I mentioned:-

curl -ivk -u admin:admin -H "Accept: application/json" -X GET https://RANGER_HOST:6182/service/xusers/users/13

Above Curl api should return something like following:-

{"id":13,"createDate":"2020-12-23T07:55:04Z","updateDate":"2020-12-23T16:45:14Z","owner":"rangerusersync","updatedBy":"admin","name":"atlas","password":"*****","description":"atlas - add from Unix box","groupIdList":[133,6],"groupNameList":["apitest","atlas","hadoop","shadow","ssb"],"status":0,"isVisible":1,"userSource":1,"userRoleList":["ROLE_USER"],"otherAttributes":"{\"full_name\":\"atlas\",\"original_name\":\"atlas\"}"}

you have to modify "groupIdList":[133,6] from the above output copy entire output and pass it with PUT method as shown in the first api call mentioned above.

 
Don't have an account?