THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Table of Contents
Introduction
This Doc explains details about configuring Ranger Atlas Plugin along with a few recommendations.
...
- Log into Ranger Admin with a user having admin role.
- Test the connectivity between Ranger Service and its target (Atlas) service. This isn’t essential but it would ease the policy authoring process.
- Ensure that you can see users and their group mappings in Ranger Admin.
Atlas Policy
Atlas policy Resource
Atlas policies, like all ranger policies are specific to a resource. Resource is the primary target of authorization.
...
Atlas plugin support the following Permissions:
Read
Create
Update
Delete
All
A policy item can specify multiple permissions.
Delegated administration
...
The Delegate Admin flag at policy item level can be used to delegate the administration responsibility for a policy to users or user-groups specified on that policy item.
...
- This is a handy way to free the corporate administrator from having to deal with low level administration details that are best left to department level super-users.
- If you check grant delegated admin flag at a policy level then those users and user-group members would be able to grant access privileges to other users at a resource level below the policies resource.
- This feature isn’t specific to Atlas but it is common to all plugins.
Audit specification
...
The policy can specify if access to the policy resource should be audited or not. Audit specification provides for aggregating the audit events such that similar events within a configurable timeframe would be logged as a single audit along with the total count. This can be particularly useful when audit volume is high.
...