Support Questions

Find answers, ask questions, and share your expertise

rest api to add user into ranger's policy

avatar

I want to add user into existing ranger policy , Is there some rest api available so that i can append username in the rest api and in turn it directly attach that user to existing ranger policy like hdfs policy ..etc.

5 REPLIES 5

avatar
Master Mentor

@Anurag Mishra

Are you talking about Ranger "Update Policy" API calls using (-X PUT operations). Something like described in the following link:

https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definit...

Example:

# curl -iv -u admin:admin -H "Content-Type: application/json" -d '{"policyName":"restCreate","resourceName":"*","description":"testing REST","repositoryName":"test_hadoop","repositoryType":"hdfs","isEnabled":true,"isRecursive":true,"isAuditEnabled":true,"permMapList":[{"userList":["ambari-qa","hdfs"],"permList":["Read","Write"]}]}' -X PUT http://$RANGER:6080/service/public/v2/api/policy/12

.

avatar
Master Mentor

Please notice the following section in the JSON payload:

"userList":["ambari-qa","hdfs"]

.

avatar

@Jay Kumar SenSharma

Hi Jay,

but with update option i would need to take all users into list , for e.g. I want to append user abc in hdfs policy and there are already five users, is there rest api which can append only this abc user without mentioning other five uses in userList .

and after execution of rest api user abc should be attached with other five users under the same policy ?

avatar
Master Mentor

@Anurag Mishra

I am not aware of any such API which can update only a particular Attribute's("userList") particular value.

The only option i see is to get the JSON output from the following call and then edit the JSON and then out back the edited json.

Get Policy JSON

# curl -u admin:admin -H "Content-Type: application/json"  -X GET http://$RANGER:6080/service/public/v2/api/policy/12  -o /tmp/policy_12.json

.

Now edit the JSON "/tmp/policy_12.json" and add new user in the "userList" section and then run the following curl command to update.

Update the JSON using Put

# curl -u admin:admin -H "Content-Type: application/json"  -X PUT -d @/tmp/policy_12.json http://$RANGER:6080/service/public/v2/api/policy/12 

.

avatar
Contributor

Hi,

I have a requirement like, i need to create hive policy with two groups .one group with "ALL" permissions to some "x" user and 2nd group with "select" permission to "y" user.

 

i have created policy through REST APi with one group but with "all" permissions but how to mention 2nd group with "select" permission in same create policy command.

 

Thanks in advance!

 

 

Srini Podili