Help Center > > User Guide> MRS Cluster Component Operation Guide> Using Ranger> Creating a Ranger Cluster

Creating a Ranger Cluster

Updated at: Apr 28, 2020 GMT+08:00
  1. Create a cluster by referring to Custom Purchase of a Cluster. Select the Ranger component (available only for MRS 1.9.1).

    Currently, only normal clusters support Ranger. Security clusters with Kerberos authentication enabled do not support Ranger.
    Figure 1 Selecting the Ranger component

  2. Enable or disable Use External Data Sources to Store Metadata.

    • Enabled: An external MySQL database is used to store the user, group, and policy data of Ranger.
    • Disabled: The user, group, and policy data of Ranger is stored in the local database of the current cluster by default.

  3. If Use External Data Sources to Store Metadata is enabled, set Data Connection Type to RDS MySQL database. Select an existing data connection instance or click Create Data Connection to create a data connection.

    Figure 2 Using the RDS MySQL database

    If the selected data connection is an RDS MySQL database, ensure that the database user is a root user. If the database user is not a root user, log in to the database as user root and run the following SQL statement to grant permissions to the database user. In the command, ${db_name} and ${db_user} indicate the database name and username entered during data connection creation.

    grant all privileges on mysql.* to '${db_user}'@'%' with grant option;
    grant all privileges on ${db_name}.* to '${db_user}'@'%' with grant option;
    grant reload on *.* to '${db_user}'@'%' with grant option;
    flush privileges;

  4. Configure other parameters and create the cluster by referring to Custom Purchase of a Cluster.

    • After the cluster is created, Ranger does not control users' permissions to access Hive and HBase.
    • When Ranger is used to manage component permissions, for example, manage Hive table permissions, if a user submits a Hive job (operation on Hive data tables) on the interface or client, a message may be displayed indicating that the user does not have permission. In this case, you need to configure the database or table permission for the user who submits the job in Ranger. For details, see the step for adding a policy in Configuring Hive Access Permissions in Ranger or Configuring HBase Access Permissions in Ranger.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel