Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

ranger user sync from text file

Labels:
avatar
author-rank pmj
Expert Contributor

Created ‎02-09-2018 04:33 PM

Hi,

I see you can user sync from a text file in ranger.... i wanted to make sure that even though it is a text file, the users in the text file have to be local unix users right? if they are not, then it will not work right?

1,253 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank vperiasamy author-rank
Guru

Created ‎02-09-2018 05:25 PM

Hi:

Ranger usersync syncs users from various sources to make these users available during security policy authoring via Ranger UI.

At the time of resource access, enforcement of policies is performed by Ranger plugins which depend on the actual service (for example HiveServer2 in case of Hive plugin, HDFS Namenode in case of HDFS plugin) to pass the identity of the user and the groups they belong to.

To answer your question, sync source used for ranger usersync does not really affect the actual access enforcement. As long as the users in your text file are consistent with the real user source (LDAP/Unix or AD), ranger policies will work fine.

Hope this helps.

View solution in original post

1,182 Views
0 Kudos
0
1 REPLY 1

avatar
author-rank vperiasamy author-rank
Guru

Created ‎02-09-2018 05:25 PM

Hi:

Ranger usersync syncs users from various sources to make these users available during security policy authoring via Ranger UI.

At the time of resource access, enforcement of policies is performed by Ranger plugins which depend on the actual service (for example HiveServer2 in case of Hive plugin, HDFS Namenode in case of HDFS plugin) to pass the identity of the user and the groups they belong to.

To answer your question, sync source used for ranger usersync does not really affect the actual access enforcement. As long as the users in your text file are consistent with the real user source (LDAP/Unix or AD), ranger policies will work fine.

Hope this helps.

1,183 Views
0 Kudos
0
Announcements
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements