Reputation: 351
Apache ranger updating permissions via third party
Im trying to see if there is a possiblity to update permissions on apache ranger by user access via a third party that contains his permissions.
for example:
A user tries to access a hive table protected by a tag policy, before the ranger checks for his priviliges he runs a script\api call to check with a third party if that user indeed has access (incase he recently recieved access from a diffrent party)
Is there such a possiblity in Ranger or anything similar to it?
Thanks in advance!
Upvotes: 0
Views: 220
Answers (1)
Reputation: 936
@coading_potato Ranger does not enforce policies, Let's talk about HDFS, so in this case, Namenode will fetch policies from Ranger Admin and keep a copy of the policies in policaycache.json file. Each time any hdfs operation happens, namenode will read the policies from policaycache.json file.
If you take down the ranger, policies will still work.
About automating for creation of policies, you can certainly use scripts but that would not be a good practice.
I understand from question that you have tag based policies, so I would suggest tags and groups for creating policies. This will certainly reduce your work.
Upvotes: 1
Related Questions
- Django (drf) dynamic permissions from BasePermission
- Ranger tag permissions appear to not take effect in Atlas
- How to migrate roles from one apache ranger instance to other instance?
- update user info permission in Django rest framework
- How to deal with hierarchical roles/permissions using Apache Shiro?
- REST: update a resource with different fields requiring different user permissions
- Java API for creating Ranger Policy
- REST, caching, and authorizing with multiple user roles
- Apache - authorising a user in multiple groups
- Update files as different User