
Ranger tagsync with file source

New Contributor

Hi there! I'm trying to deploy the Apache Ranger ranger-tagsync module without Apache Atlas.

I've enabled the option "TAG_SOURCE_FILE_ENABLED = true" but can't understand how to create the needed tags.json file.

In my plan, my own daemon will simply generate this file for tagging Hive columns, giving tag-based policies the opportunity to mask these columns for user groups.

Mostly I am following this article:

https://community.hortonworks.com/articles/135895/how-to-mask-columns-in-hive-with-atlas-and-ranger....

but I'm having a problem creating a working prototype of the file.

I need working examples of this file, or Atlas REST output for the same actions.

Thank you.

Accepted Solutions

Re: Ranger tagsync with file source

New Contributor

For future reference.

After a long time, I have put together a correct view of the tagsync source JSON file.

Working example of a HIVE-service tag file

In this example, database "default", table "personal data", column "address" is marked with the PII tag; database "default", table "personal data", column "phone" is marked with the PAD tag:

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HIVE",
     "tagVersion": 3,
     "tagDefinitions": {
       "1":{"id":1, "guid":"tagdef-1", "name":"PAD", "attributeDefs":[], "owner":0},
       "2":{"id":2, "guid":"tagdef-2", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PAD",
         "attributes": {},
         "id": 1,
         "guid": "tag-pad-1-guid"
       },
       "2": {
         "type": "PII",
         "attributes": {},
         "id": 2,
         "guid": "tag-pii-2-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "address" ] }
         },
         "id": 1,
         "guid": "employee.personal.address-guid"
       },
       {
         "serviceName": "AUTH_HIVE",
         "resourceElements": {
           "database": { "values": [ "default" ] },
           "table": { "values": [ "personal_data" ] },
           "column": { "values": [ "phone" ] }
         },
         "id": 2,
         "guid": "employee.personal.phone-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ],
       "2": [ 2 ]
     }
   }


Working example for the HBASE service

HBase table "weblog" with column family "user_profile" is hidden:

   {
     "op": "add_or_update",
     "serviceName": "AUTH_HBASE",
     "tagVersion": 3,
     "tagDefinitions": {
       "1":{"id":1, "guid":"tagdef-hb1", "name":"PII", "attributeDefs":[], "owner":0}
     },
     "tags": {
       "1": {
         "type": "PII",
         "attributes": {},
         "id": 1,
         "guid": "tag-pii-hb1-guid"
       }
     },
     "serviceResources": [
       {
         "serviceName": "AUTH_HBASE",
         "resourceElements": {
           "table": { "values": [ "default:weblog" ] },
           "column-family": { "values": [ "user_profile" ] }
         },
         "id": 1,
         "guid": "weblog.user.profile-guid"
       }
     ],
     "resourceToTagIds": {
       "1": [ 1 ]
     }
   }

Ask your questions
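
The daemon described in the question, sketched as an added example (not code from the original posts or from Apache Ranger): it builds a Hive tag file with the same fields as the example above and checks that every id in resourceToTagIds resolves to a tag. The function names, the GUID strings, the sample mapping and the choice to share one tag instance per tag name are assumptions.

```python
import json
import os
import tempfile

# Constructed sample input: (database, table, column) -> tag names.
SAMPLE = {("default", "personal_data", "address"): ["PII"],
          ("default", "personal_data", "phone"): ["PAD"]}

def build_tag_file(service_name, column_tags, tag_version=1):
    """column_tags: {(database, table, column): [tag names]} for a Hive service."""
    names = sorted({n for tags in column_tags.values() for n in tags})
    ids = {n: i for i, n in enumerate(names, start=1)}
    doc = {
        "op": "add_or_update", "serviceName": service_name,
        "tagVersion": tag_version,
        "tagDefinitions": {
            str(i): {"id": i, "guid": f"tagdef-{i}", "name": n,
                     "attributeDefs": [], "owner": 0} for n, i in ids.items()},
        "tags": {  # assumption: one tag instance per name, shared by resources
            str(i): {"type": n, "attributes": {}, "id": i,
                     "guid": f"tag-{n.lower()}-{i}-guid"} for n, i in ids.items()},
        "serviceResources": [],
        "resourceToTagIds": {},
    }
    for rid, ((db, table, col), tags) in enumerate(sorted(column_tags.items()), 1):
        doc["serviceResources"].append({
            "serviceName": service_name,
            "resourceElements": {"database": {"values": [db]},
                                 "table": {"values": [table]},
                                 "column": {"values": [col]}},
            "id": rid, "guid": f"{db}.{table}.{col}-guid"})  # constructed GUIDs
        doc["resourceToTagIds"][str(rid)] = [ids[n] for n in tags]
    return doc

def resolve(doc):
    """Map each resource back to tag names; KeyError means a dangling tag id."""
    out = {}
    for res in doc["serviceResources"]:
        el = res["resourceElements"]
        key = tuple(el[k]["values"][0] for k in ("database", "table", "column"))
        tag_ids = doc["resourceToTagIds"].get(str(res["id"]), [])
        out[key] = [doc["tags"][str(i)]["type"] for i in tag_ids]
    return out

def write_atomically(doc, path):
    """Write next to the target, then rename, so a reader never sees half a file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh, indent=2)
    os.replace(tmp, path)
```

Running `resolve()` on a file before handing it to tagsync shows which tag each column will actually carry, which is what a masking policy keyed on that tag will act on.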

Re: Ranger tagsync with file source

Community Manager

@Konstantin Tsypin Your message was misposted in the Community Help track previously. That track is for questions and answers about how to use the community website. Your question was moved to the Security track on Sun Apr 28 2019.

Bill Brooks, Community Manager