Adding a Ranger Access Permission Policy for OBS
Scenario
Ranger administrators can use Ranger to configure the read and write permissions on OBS directories or files for OBS users.
This section applies only to MRS 3.3.0-LTS or later.
Prerequisites
- The Ranger service has been installed and is running properly.
- You have created a user group for which you want to configure permissions.
- The Guardian service has been installed.
Procedure
- Log in to the Ranger web UI as the Ranger administrator rangeradmin. For details, see Logging In to the Ranger Web UI.
- On the home page, click the component plug-in name in the EXTERNAL AUTHORIZATION area, for example, OBS.
- Click Add New Policy to add an OBS permission control policy.
- Configure the parameters listed in the table below based on service requirements.
Table 1 OBS permission parameters Parameter
Description
Policy Name
Policy name, which can be customized and must be unique in the service.
Policy Label
A label specified for the current policy. You can search for reports and filter policies based on labels.
Resource Path
Resource path, which is the OBS path folder to which the current policy applies. You can enter multiple values but cannot use wildcards (*). The configured OBS path folder must exist. Otherwise, the authorization fails.
By default, permission recursion is enabled on OBS and cannot be modified. Subdirectories without any permission inherit all permissions of their parent directories.
Description
Policy description.
Audit Logging
Whether to audit the policy.
Allow Conditions
Policy allowed condition. You can configure permissions allowed by the policy.
In the Select Group column, select the created user group to which you want to grant permissions. (The configuration of Select Role or Select User does not take effect.)
Click Add Permissions to add permissions.
- Read: permission to read data
- Write: permission to write data
- Select/Deselect All: permission to select or deselect all
To add multiple permission control rules, click . To delete a permission control rule, click .
To give user group hs_group1 the read and write access to the obs://hs-test/user/hive/warehouse/o4 table, follow the following configuration steps. Note that user group names can only contain up to 52 characters, including numbers (0 to 9), letters (A to Z or a to z), underscores (_), and number signs (#). Otherwise, the policy will fail to add.
- Click Add to view the basic information about the policy in the policy list. After the policy takes effect, check whether the related permissions are normal.
If a policy is no longer used, click to delete it.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot