...
Getting started
General Features
Login to the system:
- You can log in to the system by providing your username and password. For simplicity, your username is also displayed on your home page. Be aware that the website login is case sensitive. You must use capital letters and numbers where appropriate in your username and password.
Log out of the system:
- Your username is also displayed on your home page, at the top right. The option to log out is provided in the drop-down list there.
Service Manager (Access Manager)
- The Access Manager is accessible from the top page. The top page shows a list of tools supported by Ranger’s solution. The Access Manager adds and administers the services.
Delegated Admin
...
You can enable and disable the policy. By default the policy is in the enabled state. After the policy is disabled, the user (except admin and admin user) won't have rights to access the policy anymore.
Add Service
- You can add a service by clicking on the plus icon next to each column on the Service Manager page. Details of the service and other config properties can be added in this step. The added service will be listed as shown below.
...
Step 2: Add a Service screen
1. HDFS
Label | Description |
Service name | Name of the service; you will need to specify the service name in the agent config |
Description | Give any description for reference |
Active Status | You can choose this option to enable or disable the service |
User name | Specify the end system username that can be used for connection |
Password | Add the password for the username above |
Namenode URL | |
Authorization Enabled | Authorization involves restricting access to resources. If enabled, the user needs authorization credentials. |
Authentication Type | Specify the authentication type |
hadoop.security.auth_to_local | Should be taken from the Hadoop configuration file core-site.xml; mapping of login credentials to a username within Hadoop |
dfs.datanode.kerberos.principal | Should be taken from the Hadoop configuration file hdfs-site.xml; provide only if Kerberos authentication is enabled; principal associated with the datanode |
dfs.namenode.kerberos.principal | Should be taken from the Hadoop configuration file hdfs-site.xml; provide only if Kerberos authentication is enabled; principal associated with the namenode |
dfs.secondary.namenode.kerberos.principal | Should be taken from the Hadoop configuration file hdfs-site.xml; provide only if Kerberos authentication is enabled; principal associated with the secondary namenode |
RPC Protection Type | Only authorised users can view, use and contribute to a dataset |
Common Name for certificate | Specify the name of the certificate |
Add new Configurations | Specify the new configurations |
2. HIVE
Label | Description |
Service Name | Name of the service; you will need to specify the service name in the agent's config |
Description | Give any description for reference. |
Active Status | You can choose this option to enable or disable the service |
Username | Specify the end system user name that can be used for connection |
Password | Add the password for the username above |
jdbc.driverClassName | Specify the full classname of the driver used for Hive connections. The default HiveServer2 classname is org.apache.hive.jdbc.HiveDriver |
jdbc.url | |
Common name for certificate | Specify common name for certificate |
Add new configurations | Specify new configurations |
3. HBASE
...
Search Criteria | Description |
Access Enforcer | Access enforcer indicates who made the decision to allow or deny. In the case of HDFS, the enforcer would be XA (Ranger) or Hadoop. |
Access Type | Type of access the user has, e.g. read, write |
Start date, End date | Time and date are stored for each access. A date range is used to filter the results for that particular date range. |
Service Name | The name of the service which the user tries to access |
Service Type | The type of the service which the user tries to access |
Result | This shows whether the operation was successful or not |
User | Name of the user who tried to access the resource |
Client ip | IP address of the user system which tried to access the resource |
Admin
- This module contains all events for the HDP Security Administration Web UI, including Service, Policy Manager, Log in, etc. (actions like create, update, delete, password change). You can filter the data based on the following:
Search Criteria | Description |
Action | These are operations performed on resources (actions like create, update, delete, password change) |
Audit Type | There are three values, Resource, asset and xa user, according to operations performed on Service, policy and users. |
Session id | The session count increments each time you try to log in to the system |
Start Date | Login time and date are stored for each session. A date range is used to filter the results for that particular date range |
User | Username of the user who has performed the create, update or delete operation. |
...
- This module logs the information related to the sessions for each login. You can filter the data based on the following:
Search Criteria | Description |
End Date, Start Date | Login time and date are stored for each session. A date range is used to filter the results for that particular date range |
Ip | The IP of the system through which we log in |
Login id | The user name through which you log in to the system |
Login Type | The mode through which the user tries to log in (by entering username and password) |
Result | Result based on login pass or fail |
Session id | The session count increments each time you try to log in to the system |
User Agent | Login time and date is stored for each session |
- Click on session id for session details.
...
- This module shows the upload history of the Security Agents. It displays all the services exported from the system. You can filter the data based on the following:
Search Criteria | Description |
Http Response Code | The HTTP code which you get when you try to export the services |
Plugin IP | IP of the agent which tries to export the service |
Plugin Id | Name of the agent which tries to export the service |
Start Date, End Date | Export time and date are stored for each agent. A date range is used to filter the results for that particular date range. |
Service Name | The service name we are trying to export. |
- The Plugins tab is useful for checking whether components are communicating successfully with Ranger or not.
...