Updated on 2024-12-11 GMT+08:00

Creating a Ranger Cluster

  1. Create a cluster by referring to Custom Purchase of a Cluster. Select the Ranger component during cluster creation.

    Currently, only normal MRS 1.9.2 clusters support Ranger. Security clusters with Kerberos authentication enabled do not support Ranger.
    Figure 1 Selecting the Ranger component

  2. Enable or disable Use External Data Sources to Store Metadata.

    • Enabled: An external MySQL database is used to store the user, group, and policy data of Ranger.
    • Disabled: The user, group, and policy data of Ranger is stored in the local database of the current cluster by default.

  3. If Use External Data Sources to Store Metadata is enabled, set Data Connection Type to RDS MySQL database. Select an existing data connection instance or click Create Data Connection to create a data connection.

    Figure 2 Using the RDS MySQL database

    If the selected data connection is an RDS MySQL database, ensure that the database user is a root user. If the database user is not a root user, log in to the database as user root and run the following SQL statement to grant permissions to the database user. In the command, ${db_name} and ${db_user} indicate the database name and username entered during data connection creation.

    grant select on mysql.user to ${db_user};
    grant all privileges on ${db_name}.* to '${db_user}'@'%' with grant option;
    grant reload on *.* to '${db_user}'@'%' with grant option;
    flush privileges;

  4. Configure other parameters by referring to Custom Purchase of a Cluster.

    • After the cluster is created, Ranger does not control users' permissions to access Hive and HBase.
    • When using Ranger to manage permissions for components such as Hive tables, submitting a Hive job on the console or client may result in a permission error message. To resolve this, adjust the user's database or table permissions in Ranger by following the policy addition procedure in Configuring Hive/Impala Access Permissions in Ranger or Configuring HBase Access Permissions in Ranger.