Support Questions

Find answers, ask questions, and share your expertise

Ranger tagsync with file source

avatar
Explorer

Hi there! I'm try to deploy Apache Ranger ranger-tagsync module without Apache Atlas.

I'm enable option "TAG_SOURCE_FILE_ENABLED = true" but can't understand the way of creating needed tags.json file.

In my plan, my own deamon will simply generate this file for tagging hive-columns giving tag-based policies opportunity masking this columns for usergroups.

Mostly i'am follow next article:

https://community.hortonworks.com/articles/135895/how-to-mask-columns-in-hive-with-atlas-and-ranger....

but it's a problem to create working file-prototype.

I'am need worked examples of this file or Atlas REST output with same actions.

Thank you.

1 ACCEPTED SOLUTION

avatar
Explorer

For the futures.

Far along time i'm create correct view of tagsync source json file.

Work example of HIVE-service tagfile

At this example, database "default" , table "personal data", column "address" mark with PII tag; database "default" , table "personal data", column "phone" mark with PAD tag :

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HIVE",
     "tagVersion": 3,
     "tagDefinitions": {
     "1":{"id":1, "guid":"tagdef-1", "name":"PAD", "attributeDefs":[], "owner":0},
     "2":{"id":2, "guid":"tagdef-2", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PAD",
         "attributes": {},
         "id": 1,
         "guid": "tag-pad-1-guid"
       },
      "2": {
         "type": "PII",
         "attributes": {},
         "id": 2,
         "guid": "tag-pii-2-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "address" ] }
         },
         "id": 1,
         "guid": "employee.personal.address-guid"
       },
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "phone" ] }
         },
         "id": 2,
         "guid": "employee.personal.phone-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ],
       "2": [ 2 ]
     }
   }


Work example for HBASE-service

hbase table "weblog" with column-family "user_profile" is hiding :

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HBASE",
     "tagVersion": 3,
     "tagDefinitions": {
     "1":{"id":1, "guid":"tagdef-hb1", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PII",
         "attributes": {},
         "id": 1,
         "guid": "tag-pii-hb1-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HBASE",
         "resourceElements": {
           "table": { "values": [ "default:weblog" ] },
           "column-family": { "values": [ "user_profile" ] }
         },
         "id": 1,
         "guid": "weblog.user.profile-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ]
     }
   }

Ask your questions

View solution in original post

2 REPLIES 2

avatar

@Konstantin Tsypin Your message was misposted in the Community Help track previously. That track is for questions and answers about how to use the community website. Your question was moived to the Security track on Sun Apr 28 2019.

Bill Brooks, Community Moderator
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Explorer

For the futures.

Far along time i'm create correct view of tagsync source json file.

Work example of HIVE-service tagfile

At this example, database "default" , table "personal data", column "address" mark with PII tag; database "default" , table "personal data", column "phone" mark with PAD tag :

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HIVE",
     "tagVersion": 3,
     "tagDefinitions": {
     "1":{"id":1, "guid":"tagdef-1", "name":"PAD", "attributeDefs":[], "owner":0},
     "2":{"id":2, "guid":"tagdef-2", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PAD",
         "attributes": {},
         "id": 1,
         "guid": "tag-pad-1-guid"
       },
      "2": {
         "type": "PII",
         "attributes": {},
         "id": 2,
         "guid": "tag-pii-2-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "address" ] }
         },
         "id": 1,
         "guid": "employee.personal.address-guid"
       },
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "phone" ] }
         },
         "id": 2,
         "guid": "employee.personal.phone-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ],
       "2": [ 2 ]
     }
   }


Work example for HBASE-service

hbase table "weblog" with column-family "user_profile" is hiding :

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HBASE",
     "tagVersion": 3,
     "tagDefinitions": {
     "1":{"id":1, "guid":"tagdef-hb1", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PII",
         "attributes": {},
         "id": 1,
         "guid": "tag-pii-hb1-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HBASE",
         "resourceElements": {
           "table": { "values": [ "default:weblog" ] },
           "column-family": { "values": [ "user_profile" ] }
         },
         "id": 1,
         "guid": "weblog.user.profile-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ]
     }
   }

Ask your questions