04-28-2017
06:29 PM
5 Kudos
Hi Qi Wang:

To your question "I know row level filter only has select. But does it also remove the permission from other policy? Like hive users universal access from the base policy."

In this case your user 'hive' has all permissions on all tables through the default access based policy. Also there is a row level policy for user 'hive' on the 'rowfilter' table. We have only the 'select' privilege to choose in a row level policy; what this means is that you are giving user 'hive' only the 'select' privilege on the table, and that too with restrictions on what he can view on doing 'select'. Why is this done? If you as a user are not allowed to even see the full contents of a particular table, you cannot be allowed to perform operations on that table.

When a Hive request comes in from a user, all row level policies are scanned for that user. If a row level policy is found for the user, the access privileges are scanned on that resource by going through access policies. (An access policy needs to grant the user access to that resource; a row filter policy does not grant access.) Now since update is not granted by masking policy, the operation is denied. The request does not even reach access policy.

Hope this helps.
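A minimal Python model of the evaluation order described in the answer above, added here as an illustration; it is not Apache Ranger code and not part of the original post. The policy classes, the 'analyst' user and the filter expression are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPolicy:
    user: str
    table: str            # "*" matches every table
    accesses: frozenset   # e.g. {"select", "update"}

@dataclass(frozen=True)
class RowFilterPolicy:
    user: str
    table: str
    filter_expr: str      # predicate applied to the user's SELECT

def _matches(policy, user, table):
    return policy.user == user and policy.table in ("*", table)

def evaluate(user, table, access, access_policies, row_filters):
    """Return (allowed, row_filter_or_None), following the order in the answer."""
    row_filter = next((p for p in row_filters if _matches(p, user, table)), None)
    # A row filter on the table limits the user to 'select' there; any other
    # operation is denied before the access policies are consulted.
    if row_filter is not None and access != "select":
        return (False, None)
    # The row filter itself grants nothing: an access policy must allow the request.
    granted = any(_matches(p, user, table) and access in p.accesses
                  for p in access_policies)
    if not granted:
        return (False, None)
    return (True, row_filter.filter_expr if row_filter else None)

# Constructed sample policies mirroring the question: 'hive' has universal access
# plus a row filter on 'rowfilter'; 'analyst' has a row filter but no access policy.
ALL = frozenset({"select", "update", "create", "drop", "alter"})
ACCESS = [AccessPolicy("hive", "*", ALL)]
FILTERS = [RowFilterPolicy("hive", "rowfilter", "dept = 'sales'"),
           RowFilterPolicy("analyst", "rowfilter", "dept = 'sales'")]

if __name__ == "__main__":
    for user, table, access in [("hive", "rowfilter", "select"),
                                ("hive", "rowfilter", "update"),
                                ("hive", "other_table", "update"),
                                ("analyst", "rowfilter", "select")]:
        print(user, table, access, evaluate(user, table, access, ACCESS, FILTERS))
```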
10-17-2016
04:57 PM
1 Kudo
Pre-requisite : Remove the incubator-ranger project from Eclipse if it is already there, and close Eclipse.
Clone the incubator-ranger repo to the local machine from GitHub. Ignore this step if you have already cloned the required ranger branch. To check out the code from the Apache incubator-ranger Git repository, use the command below.
For example :
git clone https://github.com/apache/incubator-ranger.git
Set JAVA_HOME in the environment variable. For example :
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk.x86_64
Install maven 3.3.9 or higher. Ignore this step if the required version of maven is already installed. To get the installed maven version, try the command :
mvn -version
For example :
cd /usr/local
wget http://mirror.fibergrid.in/apache/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
tar xvf apache-maven-3.3.9-bin.tar.gz
Set the maven command line tool in the system path environment variable. For example :
export M2_HOME=/usr/local/apache-maven-3.3.9
export M2=$M2_HOME/bin
export PATH=$M2:$PATH
Note : Run vim /etc/profile and add the above export path variables there, or add them to the current user's profile, i.e. .bashrc. Reconnect from the terminal to see the changes. Remove older versions of maven from the machine to avoid maven version conflicts.
Build Apache incubator-ranger branch : Go to the incubator-ranger directory and execute the command below. For example :
mvn clean compile package install assembly:assembly
To add eclipse related config and dependencies, execute the following. For example :
mvn eclipse:eclipse
Import incubator-ranger project in Eclipse IDE : Open Eclipse Java EE IDE for Web Developers and import incubator-ranger project as a maven project in eclipse.
Update Spring libraries version : Change the version of the following spring libraries to 3.1.3.
spring-beans-<version>.jar
spring-context-<version>.jar
spring-core-<version>.jar
spring-web-<version>.jar
Steps to change the above mentioned library versions in eclipse : Select the security-admin-web module, then right click and click on the properties option.
=> After clicking on the properties menu, the property window shall appear for the ranger-admin module.
=> On this window click on -> Java Build Path -> Libraries tab, scroll down and select the spring library whose version needs to be changed.
Note : In this article, we shall cover the case for the spring-beans library only, but you need to change the version of all 4 libraries mentioned in the previous step.
=> After selecting the spring-beans jar, click on the Edit button which appears at the right side of the screen. After clicking on the Edit button, the 'edit variable entry' prompt window shall appear.
=> Click on the Extension... button and select the spring-beans-3.1.3.RELEASE.jar library.
=> Click on the OK button to confirm and save the changes.
=> Similarly change the version of the spring-context, spring-core and spring-web libraries.
Update configuration files to start ranger in Eclipse IDE :
agents-common/pom.xml :
Replace :
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
</dependency>
with :
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql-connector-java.version}</version>
</dependency>
pom.xml
Remove :
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>${mysql-connector-java.version}</version>
<scope>test</scope>
</dependency>
security-admin/pom.xml
Remove :
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring</artifactId>
<version>${springframework.spring.version}</version>
</dependency>
security-admin/src/main/resources/conf.dist/ranger-admin-site.xml
Replace :
<property>
<name>ranger.audit.solr.urls</name>
<value>http://##solr_host##:6083/solr/ranger_audits</value>
<description></description>
</property>
with :
<property>
<name>ranger.audit.solr.urls</name>
<value>http://localhost:6083/solr/ranger_audits</value>
<description></description>
</property>
Replace :
<property>
<name>ranger.audit.source.type</name>
<value>db</value>
<description></description>
</property>
With :
<property>
<name>ranger.audit.source.type</name>
<value>solr</value>
<description></description>
</property>
Also make sure the ranger admin db is set up and the credentials are configured properly in the properties given below :
<property>
<name>ranger.jpa.jdbc.url</name>
<value>jdbc:log4jdbc:mysql://localhost/ranger</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.user</name>
<value>rangeradmin</value>
<description></description>
</property>
<property>
<name>ranger.jpa.jdbc.password</name>
<value>rangeradmin</value>
<description></description>
</property>
security-admin/src/main/webapp/META-INF/applicationContext.xml
Replace :
<value>classpath:core-site.xml</value>
<value>classpath:ranger-admin-default-site.xml</value>
<value>classpath:ranger-admin-site.xml</value>
With :
<value>classpath:conf.dist/core-site.xml</value>
<value>classpath:conf.dist/ranger-admin-default-site.xml</value>
<value>classpath:conf.dist/ranger-admin-site.xml</value>
security-admin/src/main/webapp/WEB-INF/log4j.properties
Add the line below after 'log4j.rootLogger = warn,xa_log_appender' :
logdir=/tmp
security-admin/src/main/webapp/WEB-INF/web.xml
Replace :
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>META-INF/applicationContext.xml
WEB-INF/classes/conf/security-applicationContext.xml
META-INF/scheduler-applicationContext.xml</param-value>
</context-param>
With :
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>META-INF/applicationContext.xml
WEB-INF/classes/conf/security-applicationContext.xml
META-INF/scheduler-applicationContext.xml</param-value>
</context-param>
Right click on the security-admin-web module and click on the ‘Run as’ -> ‘Run on Server’ option in the pop-up window that appears.
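A check for the ranger-admin-site.xml edits described above, added here as an example; it is not part of the original article or of Apache Ranger. The sample documents are constructed from the property fragments shown in the article, and the `<configuration>` root element and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"##[^#]+##")   # install-time tokens such as ##solr_host##
REQUIRED = ("ranger.audit.source.type", "ranger.audit.solr.urls",
            "ranger.jpa.jdbc.url", "ranger.jpa.jdbc.user", "ranger.jpa.jdbc.password")

def load_properties(xml_text):
    """Parse <property><name/><value/></property> entries into a dict."""
    root = ET.fromstring(xml_text)
    return {(p.findtext("name") or "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def check_site(xml_text):
    """Return a list of findings for the ranger-admin-site.xml edits."""
    props, findings = load_properties(xml_text), []
    for name in REQUIRED:
        if not props.get(name):
            findings.append(f"missing or empty: {name}")
    for name, value in props.items():
        if PLACEHOLDER.search(value):
            findings.append(f"unresolved placeholder in {name}: {value}")
    if props.get("ranger.audit.source.type") not in (None, "", "solr"):
        findings.append("ranger.audit.source.type is not 'solr'")
    user, pw = props.get("ranger.jpa.jdbc.user"), props.get("ranger.jpa.jdbc.password")
    if user and pw and user == pw:
        # The article's dev values use the same string for both; flag it for review.
        findings.append("ranger.jpa.jdbc.password equals ranger.jpa.jdbc.user")
    return findings

def _site(pairs):
    body = "".join(f"<property><name>{n}</name><value>{v}</value></property>"
                   for n, v in pairs)
    return f"<configuration>{body}</configuration>"

# Constructed samples: the file before and after the edits in the article.
JDBC = [("ranger.jpa.jdbc.url", "jdbc:log4jdbc:mysql://localhost/ranger"),
        ("ranger.jpa.jdbc.user", "rangeradmin"),
        ("ranger.jpa.jdbc.password", "rangeradmin")]
BEFORE = _site([("ranger.audit.solr.urls", "http://##solr_host##:6083/solr/ranger_audits"),
                ("ranger.audit.source.type", "db")] + JDBC)
AFTER = _site([("ranger.audit.solr.urls", "http://localhost:6083/solr/ranger_audits"),
               ("ranger.audit.source.type", "solr")] + JDBC)

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, check_site(doc))
```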