Creating a Ranger Cluster
- Create a cluster by referring to Configuring a Cluster > Custom Creation of a Cluster in the User Guide. Select the Ranger component during cluster creation.
Currently, only normal MRS 1.9.2 clusters support Ranger. Security clusters with Kerberos authentication enabled do not support Ranger.Figure 1 Selecting the Ranger component
- Enable or disable Use External Data Sources to Store Metadata.
- Enabled: An external MySQL database is used to store the user, group, and policy data of Ranger.
- Disabled: The user, group, and policy data of Ranger is stored in the local database of the current cluster by default.
- If Use External Data Sources to Store Metadata is enabled, set Data Connection Type to RDS MySQL database. Select an existing data connection instance or click Create Data Connection to create a data connection.
Figure 2 Using the RDS MySQL database
If the selected data connection is an RDS MySQL database, ensure that the database user is a root user. If the database user is not a root user, log in to the database as user root and run the following SQL statement to grant permissions to the database user. In the command, ${db_name} and ${db_user} indicate the database name and username entered during data connection creation.
grant select on mysql.user to ${db_user}; grant all privileges on ${db_name}.* to '${db_user}'@'%' with grant option; grant reload on *.* to '${db_user}'@'%' with grant option; flush privileges;
- Configure other parameters by referring to Configuring a Cluster > Custom Creation of a Cluster in the User Guide.
- After the cluster is created, Ranger does not control users' permissions to access Hive and HBase.
- When Ranger is used to manage component permissions, for example, manage Hive table permissions, if a user submits a Hive job (operation on Hive data tables) on the interface or client, a message may be displayed indicating that the user does not have the permissions. In this case, you need to configure the database or table permissions for the user who submits the job in Ranger. For details, see the step for adding a policy in Configuring Hive/Impala Access Permissions in Ranger or Configuring HBase Access Permissions in Ranger.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot