Manage Ranger policies

Available in VPC

Ranger provides granular access control for Secure Hadoop components. To add policies for new users or groups, follow these steps:

Access Ranger Admin UI

Access the Ranger Admin UI using the Ambari Quick Link.

The HDFS, HIVE, YARN, and KNOX policies are provided immediately after cluster creation.
The HBASE and TRINO policies are additionally provided depending on whether a corresponding add-on exists.

Manage Ranger policies

Click the service policy that needs to be added, edited, or deleted.

The examples of the HIVE policies are as follows. Items that you can control access to by service are listed with icons.

Edit Ranger policies

The key items of the Ranger Hive policies list screen are as follows:

1. Policy Name
   • The policies registered in the Hive service.
2. Users
   • The names of the user accounts that are granted permissions on the corresponding policy.
3. Action
   • The features you can perform for the corresponding policy are as follows:
     • View: view a policy.
     • Edit: edit a policy.
     • Delete: delete a policy.

In the detailed settings screen for Ranger policies, you can manually specify the resource unit and the subject to which permissions are granted.
You can set access permissions by adding or deleting a group or user through the select group or select user item. When you save the policy, access is limited to specified users only, and changes are applied in real time.

1. database: specify the Hive database to which the policies will be applied.
2. table: specify the Hive table to which the policies will be applied.
3. Hive Column: specify the column unit to which the policies will be applied.
4. Select Role: grant permissions to a specific role.
5. Select Group: specify group-level permissions.
6. Select User: specify user-level permissions.
7. Permissions: set detailed permissions to grant to a selected target.