...
The Access Manager is accessible from the top menu bar. The top menu bar shows a list of modules supported by Ranger Admin.
The Access Manager module helps in adding and administering various supported Services and Policies under those services.
Add Service
- You can add a service by clicking on the plus icon next to each column on the Service Manager page. Details of the service and other config properties can be added in this step. The added service will be listed as shown below.
...
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated in the same Service type (Knox). |
Knox topology | Enter an appropriate Topology Name |
Knox service | Enter an appropriate Service Name |
Audit Logging | Choose whether the particular policy will be audited or not. |
Group permissions | From a user group list, pick a particular group and choose permissions for that group. |
User permissions | From a user user list, pick a particular user and choose permissions for that user. |
Enable/disable | By default the policy is enabled. You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field. The default value is set as include. The exclude Flag will exclude all the table names or column names entered in that particular field. |
...
Note |
---|
Topology name: A topology is a graph of computation. Each node in a topology contains processing logic, and links between nodes indicate how data should be passed around between nodes. |
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated across the system. |
Storm topology | Enter an appropriate Topology Name |
Audit logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
User permission | From a user list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resource |
Enable/disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field. The default value is set as include. The exclude Flag will exclude all the table names or column names entered in that particular field. |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character. You can use wildcards in the topology name.for e.g topology name as ?. |
Permission | Description |
Submit Topology | Allows user to submit a topology |
File upload | Allows user to upload files |
Get Nimbus Conf | Allows user to access Nimbus Configuration |
Get Cluster info | Allows user to get Cluster Information |
File Download | Allows user to Download Files |
Kill Topology | Allows user to kill a topology |
Rebalance | Allows user to Rebalance topologies |
Activate | Allows user to Activate topology |
Deactivate | Allows user to Deactivate topology |
Get Topology Conf | Allows user to access Topology Configuration |
Get Topology | Allows user to access Topology |
Get User Topology | Allows user to access user Topology |
Get Topology Info | Allows user to access Topology Information |
Upload New Credential | Allows user to upload new credential |
Edit / Delete STORM
POliciesPolicies
You can edit/delete a policy from the STORM Policy Listing page by clicking on the edit/delete button next to policy row.
YARN
Adding Yarn policies
You can add a new policy from the YARN Policy Listing Page. On add , the policy should be listed in the table below. You can search a Policy by ‘Group name’, ’Policy name’, ’queue’’Queue’, ’Status’, ’username’.
Step 1 : Click on the Add New Policy button on listing page
...
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated across the system. |
Queue | The fundamental unit of scheduling in yarn |
Audit Logging | Choose whether the particular policy will be audited or not. |
Enable/disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Recursive | You can indicate whether all files or folders within the existing folder comes under the policy.Can be used instead of wildcard characters |
User Permission | From a user list, pick a particular group user and choose permissions for that group. Choosing admin permission will designate the user as admin for the chosen resourceuser. |
Group Permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin permission will designate the group as admin for chosen resource |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character.You can use wildcards in the topology name.for e.g topology name as ?. |
...
You can add a new policy from the STORM Solr Policy Listing Page. On add , the policy should be listed in the table below. You can search a Policy by 'Collection', 'Group name', 'Policy name', 'status', 'user name'.
Step 1 : Click on the Add New Policy button on listing page
...
Label | Description |
Policy Name | Enter an appropriate policy name. This name is cannot be duplicated across the systemfor the same Service type (Solr) |
Solr connection | http:<host_ip>:6083/solr |
Audit logging | Choose whether the particular policy will be audited or not. |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing solr admin permission will designate the group as admin for chosen resource |
User Permission | From a user list, pick a particular group user and choose permissions for that groupuser. Choosing solr admin permission will designate the user as admin for the chosen resource |
Enabled/disabled | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field.The default value is set as include.The exclude Flag will exclude all the table names or column names entered in that particular field. |
Permission | Description |
Querry | Permission to fetch records from Solr DB. |
Update | Permission to update records in Solr |
Others | |
Solr Admin | Permission to manage user accounts and |
Edit / Delete SOLR Policies
- You can edit/delete a policy from the SOLR Policy Listing page by clicking on the edit/delete button next to policy row.
KAFKA
Adding KAFKA Policies
You can add a new policy from the KAFKA Policy Listing Page. On add , the policy should be listed in the table below. You can search a Policy by ‘Group name’,’Policy name’,Status,topic,’username’.
...
Label | Description |
Policy name | Enter an appropriate policy name. This name is cannot be duplicated across the systemfor the same Service type (Kafka) |
Topic | A topic is a category or feed name to which messages are published. |
Audit logging | Choose whether the particular policy will be audited or not. |
User permission | From a user list, pick a particular group user and choose permissions for that groupuser. Choosing admin Kafka Admin permission will designate the user as admin for the chosen resource |
Group permission | From a user group list, pick a particular group and choose permissions for that group. Choosing admin Kafka Admin permission will designate the group as admin for chosen resource |
Enable/Disable | By default the policy is enabled.You can disable a policy to restrict user/group access for that policy. |
Include/Exclude | The include flag means it will consider the values entered in the field. The default value is set as include. The exclude Flag will exclude all the table names or column names entered in that particular file |
Note |
---|
Wildcards: Wildcards can be included in resource path.’*’ indicates zero or more occurs of characters.’?‘ indicates single character. You can use wildcards in the topology topic name.for e.g topology topic name as ?. |
Permission | Description |
Publish | A process that publish message to kafka topic producers. |
Consume | Consume only a subset of the partitions in a topic in a process |
Configure | Configure the kafka broker/cluster |
Describe | Permission to fetch metadata on the topic |
Kafka Admin |
USERS/GROUPS
...