Viewing Ranger User Permission Synchronization Information

Viewing Ranger Permission Information

1. Log in to the Ranger web UI as the Ranger administrator rangeradmin. For details, see Logging In to the Ranger Web UI.
2. Choose Settings > Users/Groups/Roles to view information about users, user groups, or roles in the system.
   • Users: displays all user information synchronized from LDAP or OS to Ranger.
   • Groups: displays information about all user groups and role information synchronized from LDAP or OS to Ranger.
   • Roles: displays information about roles created in Ranger.
   

   • The users, roles, user groups created on FusionInsight Manager are automatically synchronized to Ranger periodically. The default period is 300,000 milliseconds (5 minutes). After roles and user groups in FusionInsight Manager are synchronized to Ranger, they become user groups. Only roles and user groups that are associated with users can be automatically synchronized to Ranger.
   • The role created on the Ranger page is a set of users or user groups, which is used to flexibly set the permission access policies of components. The role is different from that on FusionInsight Manager. To prevent any delay in accessing Ranger permission information, it is best to restrict the number of users or user groups assigned to a role to no more than 1,000.
   • Users, roles, and user groups cannot be deleted on the Ranger web UI to prevent data inconsistency.

Adjusting Ranger User Types

1. Log in to the Ranger management page.

   To change the Ranger user type, you must log in as an admin user. For details about the user types, see Ranger User Type.

2. Choose Settings > Users/Groups/Roles. In the list of users, click the name of the user whose type you want to change.
3. Set Select Role to the type to be modified.
4. Click Save.

Creating a Ranger Role

Ranger administrators can flexibly configure permission access policies for components based on users, user groups, or roles. User and user group information is automatically synchronized from LDAP, and roles can be manually added.

1. Log in to the Ranger management page.
2. Choose Settings > Users/Groups/Roles > Roles > Add New Role.
3. Enter the role name and description as prompted.
4. Add users, user groups, and sub-roles to the role.
   • In the Users area, select a created user in the system and click Add Users.
   • In the Groups area, select a created user group and click Add Group.
   • In the Roles area, select a created role in the system and click Add Role.

   

5. Click Save. The role is added.
   

   Added roles cannot be deleted but can be modified.