Community Articles

Find and share helpful community-sourced technical articles.
Celebrating as our community reaches 100,000 members! Thank you!
Labels (1)

Background: when it comes to rely completely on ranger, and if you are specific about configuring authorization for a resource to an end user then you have to create one policy for each resource. There should be a way to configure a policy that provide access to specific resources based on the User who is making call.


{USER} Support: {USER} support solves this problem , It allows us to create a policy where we can configure resource as {USER} Eg. /user/{USER} and select user also as {USER}. that means all users will get access of their corresponding home directory.

Eg. Hdfs: resource: /user/{USER}

user1 will have access to /user/user1

user2 will have access to /user/user2

Hive: resource: database:database_{USER}

user1 will have access to database database_user1

user2 will have access to database database_user2

resource may contrain {USER} partially or fully.

delimiter can be customised also ,

Steps to configure {USER}:

1) go to ranger admin, and create policy page, there on resource give {USER} as input.


2) in user type {USER} and {USER} will populate , just select it and add the policy


more details can be found at