
Introduction

This document explains how to configure the Ranger Atlas plugin and gives a few recommendations.

Atlas is a scalable and extensible set of core foundational governance services that enables enterprises to effectively and efficiently meet their compliance requirements within Hadoop and allows integration with the whole enterprise data ecosystem.

Prerequisites

Installation

  • Install, configure and start Ranger Admin.
  • Install, configure and start Ranger UserSync.
  • In Ranger Admin, create a service for each Hadoop service that will have Ranger authorization, e.g. HDFS, Hive, HBase, etc.
  • Install Ranger plugin on the target Hadoop service, e.g. Hive, HBase, HDFS, Atlas etc. and restart the service.

If you are unsure about how to do the above then please refer to the following:

Verification and preparation for plugin

This document assumes that you have successfully performed the above steps.  In addition, please ensure that you have done the following:

  • Log in to Ranger Admin as a user with the admin role.
  • Test the connectivity between Ranger Service and its target (Atlas) service.  This isn’t essential but it would ease the policy authoring process.
  • Ensure that you can see users and their group mappings in Ranger Admin.


Atlas Policy

Atlas policy Resource

 

Atlas policies, like all Ranger policies, are specific to a resource.  The resource is the primary target of authorization.

 

Atlas authorization is implemented at the REST API level. A user can easily verify the authorization by logging in to the Atlas UI with a granted user’s credentials and searching for Tags and Entities.

 

  1. An Atlas policy resource can be one of the following: taxonomy, entity, type, operation and term.
  2. Each resource field can take in multiple values.

  3. The include/exclude flag is specified at this resource level; the default is include.  Setting the flag to exclude inverts the resource definition.
    1. For example, if you have a resource set up as follows: Taxonomy=CompanyName, Term=Finance, and the Term level is set to Exclude, then the resource effectively refers to all Terms of Taxonomy CompanyName except the Term Finance.
      Note: As part of the 0.6 release, all resources of Atlas support * for resources only. More granular access control is planned for the next release.

    2. Use the exclude flag in a resource definition when it simplifies the policy definition.  Indiscriminate use of the include/exclude flag can make reasoning about authorization challenging.

  4. Auditing is specified at the resource level.
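
The include/exclude semantics from item 3, as an added example that is not Ranger's or Atlas's own code: a simplified Python model of how a per-field exclude flag inverts matching, using the Taxonomy=CompanyName, Term=Finance case above. The helper names, the wildcard handling via fnmatch, and the rule that a request must supply every field are assumptions of this sketch; the sample data is constructed.

```python
from fnmatch import fnmatchcase

# Constructed policy resource mirroring the page's example:
# Taxonomy=CompanyName (include), Term=Finance (exclude).
POLICY_RESOURCE = {
    "taxonomy": {"values": ["CompanyName"], "isExcludes": False},
    "term": {"values": ["Finance"], "isExcludes": True},
}


def field_matches(spec, requested):
    """True if one resource field covers the requested value."""
    # A field can hold multiple values; any one of them may match.
    hit = any(fnmatchcase(requested, pattern) for pattern in spec["values"])
    # The exclude flag inverts the result for this field only.
    return not hit if spec.get("isExcludes", False) else hit


def resource_matches(policy_resource, request):
    """Every field of the policy resource must cover the request."""
    for name, spec in policy_resource.items():
        if name not in request:
            return False  # assumption: request must address each level
        if not field_matches(spec, request[name]):
            return False
    return True


def explain(policy_resource, requests):
    """Return (request, covered) pairs so a policy can be reviewed in bulk."""
    return [(r, resource_matches(policy_resource, r)) for r in requests]


if __name__ == "__main__":
    sample = [  # constructed requests
        {"taxonomy": "CompanyName", "term": "Finance"},
        {"taxonomy": "CompanyName", "term": "HR"},
        {"taxonomy": "OtherCo", "term": "HR"},
    ]
    for req, covered in explain(POLICY_RESOURCE, sample):
        print(req, "->", "covered" if covered else "not covered")
```

Running candidate policies through a check like this before saving them shows one way the flag is easy to misread: excluding `*` on a field makes the resource match nothing at all.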


