Support Questions

Find answers, ask questions, and share your expertise

ranger user sync from text file

avatar
Expert Contributor

Hi,

I see you can user sync from a text file in ranger.... i wanted to make sure that even though it is a text file, the users in the text file have to be local unix users right? if they are not, then it will not work right?

1 ACCEPTED SOLUTION

avatar

Hi:

Ranger usersync syncs users from various sources to make these users available during security policy authoring via Ranger UI.

At the time of resource access, enforcement of policies is performed by Ranger plugins which depend on the actual service (for example HiveServer2 in case of Hive plugin, HDFS Namenode in case of HDFS plugin) to pass the identity of the user and the groups they belong to.

To answer your question, sync source used for ranger usersync does not really affect the actual access enforcement. As long as the users in your text file are consistent with the real user source (LDAP/Unix or AD), ranger policies will work fine.

Hope this helps.

View solution in original post

1 REPLY 1

avatar

Hi:

Ranger usersync syncs users from various sources to make these users available during security policy authoring via Ranger UI.

At the time of resource access, enforcement of policies is performed by Ranger plugins which depend on the actual service (for example HiveServer2 in case of Hive plugin, HDFS Namenode in case of HDFS plugin) to pass the identity of the user and the groups they belong to.

To answer your question, sync source used for ranger usersync does not really affect the actual access enforcement. As long as the users in your text file are consistent with the real user source (LDAP/Unix or AD), ranger policies will work fine.

Hope this helps.