SlideShare a Scribd company logo

Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger Extensibility Framework & Case Study for integration with Apache HAWQ

Download as PPTX, PDF
DataWorks Summit
DataWorks Summit

The document provides an overview of Apache Ranger, focusing on its role in securing various Hadoop components through authentication, authorization, and auditing. It details the administration and integration of Ranger with components like HDFS, Hive, and HBase, emphasizing policy management and audit log generation. Additionally, it outlines how to enable services with Ranger, including service definitions and plugin interfaces.

Technology
1 of 19
Downloaded 85 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
1 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Ranger – Extending Authorization beyond Hadoop Ramesh Mani Apache Ranger committer, PMC member Abhay Kulkarni Apache Ranger committer
2 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Overview • Securing Hadoop components • HDFS, Hive, HBase, Knox, Strom, YARN, Kafka, Solr, Atlas, Nifi • Authentication, Authorization and Audit • Authentication • Identifying the user • Authorization • Authoring • Defining access policies • Implementing Access Policies • Audit • Access audit logs • Operation logs
3 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Agenda • Ranger • What is Ranger? • Why Ranger? • Enabling a component to use Ranger for access control • How to define authorization needs of a component for Ranger integration? • How to enforce authorization policies for component? • Custom extension • Demo on Sample Application • A simple application with Ranger Authorization
4 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Authorization and Auditing w/ Ranger HDFS Ranger Administration Portal HBase Hive Server2 Ranger Policy Store Ranger Audit Store Ranger Plugin HadoopComponents Enterprise Users Ranger Plugin Ranger Plugin Legacy Tools & Data Governance Integration API Knox Storm Ranger Plugin Ranger Plugin EnterpriseServices:Security KafkaRanger Plugin Solr Ranger Plugin YarnRanger Plugin Log4j HDFS Solr
5 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Admin Service Manager • Delivers a ‘single pane of glass’ for the security administrator • Centralizes administration of security policy • Ensures consistent coverage across the entire Hadoop stack
6 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Policy - HBase Allow group “analyst” to have READ access to Order Table and OrderDetails Column Family
7 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Auditing • Ranger plugins generate detailed audit logs for accesses to protected resources. Audit logs include details like: user, resource, type of access, time of access, client IP address, access-result, ID of the policy that allowed/denied the access • Audit logs to one or more destinations – Solr, HDFS, Log4j, ... • Interactive view of audit logs using Ranger Admin
8 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Tag based policy Classification based security on cross-component data assets
9 © Hortonworks Inc. 2011 – 2017. All Rights Reserved What does it take to enable my component with ranger? • Service Definition • Defined in a JSON and registered in Ranger Admin • Backbone of the Ranger Stack Model • Ranger Plugin • Provides the necessary interfaces for Authorization and Auditing • Component implements glue code
10 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Software Architecture • Stack Model • Data driven model • Interpreter of the access-control profile (Service Definition) of the component • Result • Component specific GUI for policy authoring • Policy validation • Policy execution engine • Policy driven Enforcement of access control and Audit logs
11 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Process Architecture and Modules : Refresher Policy Authoring Policy Validation Policy persistence Policy Synchronization Policy Evaluation Engine Audit Infrastructure Glue code Ranger Admin Component
12 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger-Enabling a component Component Service Definition Component with Glue code Ranger Enabled Component
13 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Service Definition • Component’s authorization requirements • What are the resources ? • What are the access operations ? • Advanced Features • Context Enrichment (tag-servicedef) • Dynamic policy conditions (hive-servicedef) • GUI Presentation and rendering • Defined in a JSON for each service. • Stored in Ranger DB • Creating Service Definition • curl call to add the service definition in the Ranger admin curl -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X POST http://node-1.example.com:6080/service/public/v2/api/servicedef -d @sampleapp.json
14 © Hortonworks Inc. 2011 – 2017. All Rights Reserved • Description of component • Resources • File/directory • Access Types • Read/Write/Execute • Context Enrichers • Dynamic Policy conditions Demo Component
15 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Service Definition JSON
16 © Hortonworks Inc. 2011 – 2017. All Rights Reserved • RangerAccessRequest / RangerAccessRequestImpl • RangerAccessResource / RangerAccessResourceImpl • RangerAccessResultProcessor / RangerDefaultAuditHandler • RangerBasePlugin Glue Code Interfaces Component Plugin Request / Resource Result Processor Policy Engine Authorization Interface Policy refresher
17 © Hortonworks Inc. 2011 – 2017. All Rights Reserved SampleApp: Authorizer interface
18 © Hortonworks Inc. 2011 – 2017. All Rights Reserved SampleApp: Ranger Authorizer implementation
19 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Ranger: how to contribute? • Ranger Home : http://ranger.apache.org • Ranger Wiki : https://cwiki.apache.org/confluence/display/RANGER • Ranger JIRAs : https://issues.apache.org/jira/browse/RANGER • Project Mailing Lists • Users : user@ranger.apache.org • Developers : dev@ranger.apache.org • Commits : commits@ranger.apache.org

More Related Content

What's hot (20)

PPTX
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
 
PDF
Apache Iceberg - A Table Format for Hige Analytic Datasets
Alluxio, Inc.
 
PPTX
Apache Flink and what it is used for
Aljoscha Krettek
 
ODP
Stream processing using Kafka
Knoldus Inc.
 
PPTX
Introduction to KSQL: Streaming SQL for Apache Kafka®
confluent
 
PPTX
kafka
Amikam Snir
 
PDF
Data Discovery at Databricks with Amundsen
Databricks
 
PDF
Designing Apache Hudi for Incremental Processing With Vinoth Chandar and Etha...
HostedbyConfluent
 
PPTX
Introduction to Kafka
Akash Vacher
 
PPTX
Apache Kafka
Saroj Panyasrivanit
 
PPTX
Performance Optimizations in Apache Impala
Cloudera, Inc.
 
PPTX
Apache Kafka Best Practices
DataWorks Summit/Hadoop Summit
 
PDF
Amazon S3 Best Practice and Tuning for Hadoop/Spark in the Cloud
Noritaka Sekiyama
 
PPTX
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
 
PDF
Kafka 101 and Developer Best Practices
confluent
 
PPTX
Microservices, Apache Kafka, Node, Dapr and more - Part Two (Fontys Hogeschoo...
Lucas Jellema
 
PPTX
An Introduction to Confluent Cloud: Apache Kafka as a Service
confluent
 
PDF
Introducing the Apache Flink Kubernetes Operator
Flink Forward
 
PPTX
Apache phoenix: Past, Present and Future of SQL over HBAse
enissoz
 
PDF
Producer Performance Tuning for Apache Kafka
Jiangjie Qin
 
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
 
Apache Iceberg - A Table Format for Hige Analytic Datasets
Alluxio, Inc.
 
Apache Flink and what it is used for
Aljoscha Krettek
 
Stream processing using Kafka
Knoldus Inc.
 
Introduction to KSQL: Streaming SQL for Apache Kafka®
confluent
 
kafka
Amikam Snir
 
Data Discovery at Databricks with Amundsen
Databricks
 
Designing Apache Hudi for Incremental Processing With Vinoth Chandar and Etha...
HostedbyConfluent
 
Introduction to Kafka
Akash Vacher
 
Apache Kafka
Saroj Panyasrivanit
 
Performance Optimizations in Apache Impala
Cloudera, Inc.
 
Apache Kafka Best Practices
DataWorks Summit/Hadoop Summit
 
Amazon S3 Best Practice and Tuning for Hadoop/Spark in the Cloud
Noritaka Sekiyama
 
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
 
Kafka 101 and Developer Best Practices
confluent
 
Microservices, Apache Kafka, Node, Dapr and more - Part Two (Fontys Hogeschoo...
Lucas Jellema
 
An Introduction to Confluent Cloud: Apache Kafka as a Service
confluent
 
Introducing the Apache Flink Kubernetes Operator
Flink Forward
 
Apache phoenix: Past, Present and Future of SQL over HBAse
enissoz
 
Producer Performance Tuning for Apache Kafka
Jiangjie Qin
 

Similar to Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger Extensibility Framework & Case Study for integration with Apache HAWQ (20)

PPTX
Apache Hadoop Security - Ranger
Isheeta Sanghi
 
PPTX
Securing Hadoop with Apache Ranger
DataWorks Summit
 
PDF
TriHUG October: Apache Ranger
trihug
 
PPTX
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
 
PPTX
Hadoop security
Shivaji Dutta
 
PPTX
Overview of new features in Apache Ranger
DataWorks Summit
 
PDF
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
 
PPTX
Saving the elephant—now, not later
DataWorks Summit
 
PDF
Apache ranger meetup
nvvrajesh
 
PPTX
Ranger admin dev overview
Tushar Dudhatra
 
PPTX
Hdp security overview
Hortonworks
 
PDF
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks
 
PDF
Apache Ranger
Mike Frampton
 
PPTX
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
 
PPTX
Curb Your Insecurity - Tips for a Secure Cluster (with Spark too)!!
Pardeep Kumar Mishra (Big Data / Hadoop Consultant)
 
PPTX
Curb your insecurity with HDP
DataWorks Summit/Hadoop Summit
 
PDF
2014 sept 4_hadoop_security
Adam Muise
 
PPTX
Enabling ABAC with Accumulo and Ranger integration
DataWorks Summit
 
PDF
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
 
PPTX
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit
 
Apache Hadoop Security - Ranger
Isheeta Sanghi
 
Securing Hadoop with Apache Ranger
DataWorks Summit
 
TriHUG October: Apache Ranger
trihug
 
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
 
Hadoop security
Shivaji Dutta
 
Overview of new features in Apache Ranger
DataWorks Summit
 
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
 
Saving the elephant—now, not later
DataWorks Summit
 
Apache ranger meetup
nvvrajesh
 
Ranger admin dev overview
Tushar Dudhatra
 
Hdp security overview
Hortonworks
 
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks
 
Apache Ranger
Mike Frampton
 
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
 
Curb Your Insecurity - Tips for a Secure Cluster (with Spark too)!!
Pardeep Kumar Mishra (Big Data / Hadoop Consultant)
 
Curb your insecurity with HDP
DataWorks Summit/Hadoop Summit
 
2014 sept 4_hadoop_security
Adam Muise
 
Enabling ABAC with Accumulo and Ranger integration
DataWorks Summit
 
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
 
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit
 
Ad

More from DataWorks Summit (20)

PPTX
Data Science Crash Course
DataWorks Summit
 
PPTX
Floating on a RAFT: HBase Durability with Apache Ratis
DataWorks Summit
 
PPTX
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit
 
PDF
HBase Tales From the Trenches - Short stories about most common HBase operati...
DataWorks Summit
 
PPTX
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
DataWorks Summit
 
PPTX
Managing the Dewey Decimal System
DataWorks Summit
 
PPTX
Practical NoSQL: Accumulo's dirlist Example
DataWorks Summit
 
PPTX
HBase Global Indexing to support large-scale data ingestion at Uber
DataWorks Summit
 
PPTX
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
DataWorks Summit
 
PPTX
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit
 
PPTX
Supporting Apache HBase : Troubleshooting and Supportability Improvements
DataWorks Summit
 
PPTX
Security Framework for Multitenant Architecture
DataWorks Summit
 
PDF
Presto: Optimizing Performance of SQL-on-Anything Engine
DataWorks Summit
 
PPTX
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
DataWorks Summit
 
PPTX
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit
 
PPTX
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
DataWorks Summit
 
PPTX
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
DataWorks Summit
 
PPTX
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
DataWorks Summit
 
PDF
Computer Vision: Coming to a Store Near You
DataWorks Summit
 
PPTX
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
DataWorks Summit
 
Data Science Crash Course
DataWorks Summit
 
Floating on a RAFT: HBase Durability with Apache Ratis
DataWorks Summit
 
Tracking Crime as It Occurs with Apache Phoenix, Apache HBase and Apache NiFi
DataWorks Summit
 
HBase Tales From the Trenches - Short stories about most common HBase operati...
DataWorks Summit
 
Optimizing Geospatial Operations with Server-side Programming in HBase and Ac...
DataWorks Summit
 
Managing the Dewey Decimal System
DataWorks Summit
 
Practical NoSQL: Accumulo's dirlist Example
DataWorks Summit
 
HBase Global Indexing to support large-scale data ingestion at Uber
DataWorks Summit
 
Scaling Cloud-Scale Translytics Workloads with Omid and Phoenix
DataWorks Summit
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit
 
Supporting Apache HBase : Troubleshooting and Supportability Improvements
DataWorks Summit
 
Security Framework for Multitenant Architecture
DataWorks Summit
 
Presto: Optimizing Performance of SQL-on-Anything Engine
DataWorks Summit
 
Introducing MlFlow: An Open Source Platform for the Machine Learning Lifecycl...
DataWorks Summit
 
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit
 
Event-Driven Messaging and Actions using Apache Flink and Apache NiFi
DataWorks Summit
 
Securing Data in Hybrid on-premise and Cloud Environments using Apache Ranger
DataWorks Summit
 
Big Data Meets NVM: Accelerating Big Data Processing with Non-Volatile Memory...
DataWorks Summit
 
Computer Vision: Coming to a Store Near You
DataWorks Summit
 
Big Data Genomics: Clustering Billions of DNA Sequences with Apache Spark
DataWorks Summit
 
Ad

Recently uploaded (20)

PDF
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
PPTX
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
PDF
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
PPTX
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
PPTX
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
PDF
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
PPTX
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
PDF
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
PDF
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
PDF
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
PDF
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
PDF
Blockchain Transactions Explained For Everyone
CIFDAQ
 
PDF
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
PDF
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
PDF
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
PDF
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
PDF
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
PPTX
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
PDF
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
PDF
July Patch Tuesday
Ivanti
 
How Startups Are Growing Faster with App Developers in Australia.pdf
India App Developer
 
COMPARISON OF RASTER ANALYSIS TOOLS OF QGIS AND ARCGIS
Sharanya Sarkar
 
Bitcoin for Millennials podcast with Bram, Power Laws of Bitcoin
Stephen Perrenod
 
From Sci-Fi to Reality: Exploring AI Evolution
Svetlana Meissner
 
AUTOMATION AND ROBOTICS IN PHARMA INDUSTRY.pptx
sameeraaabegumm
 
HCIP-Data Center Facility Deployment V2.0 Training Material (Without Remarks ...
mcastillo49
 
Building Search Using OpenSearch: Limitations and Workarounds
Sease
 
[Newgen] NewgenONE Marvin Brochure 1.pdf
darshakparmar
 
Achieving Consistent and Reliable AI Code Generation - Medusa AI
medusaaico
 
The Rise of AI and IoT in Mobile App Tech.pdf
IMG Global Infotech
 
Exolore The Essential AI Tools in 2025.pdf
Srinivasan M
 
Blockchain Transactions Explained For Everyone
CIFDAQ
 
DevBcn - Building 10x Organizations Using Modern Productivity Metrics
Justin Reock
 
Jak MŚP w Europie Środkowo-Wschodniej odnajdują się w świecie AI
dominikamizerska1
 
Chris Elwell Woburn, MA - Passionate About IT Innovation
Chris Elwell Woburn, MA
 
Presentation - Vibe Coding The Future of Tech
yanuarsinggih1
 
Empower Inclusion Through Accessible Java Applications
Ana-Maria Mihalceanu
 
AI Penetration Testing Essentials: A Cybersecurity Guide for 2025
defencerabbit Team
 
Using FME to Develop Self-Service CAD Applications for a Major UK Police Force
Safe Software
 
July Patch Tuesday
Ivanti
 

Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger Extensibility Framework & Case Study for integration with Apache HAWQ

  • 1. 1 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Ranger – Extending Authorization beyond Hadoop Ramesh Mani Apache Ranger committer, PMC member Abhay Kulkarni Apache Ranger committer
  • 2. 2 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Overview • Securing Hadoop components • HDFS, Hive, HBase, Knox, Strom, YARN, Kafka, Solr, Atlas, Nifi • Authentication, Authorization and Audit • Authentication • Identifying the user • Authorization • Authoring • Defining access policies • Implementing Access Policies • Audit • Access audit logs • Operation logs
  • 3. 3 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Agenda • Ranger • What is Ranger? • Why Ranger? • Enabling a component to use Ranger for access control • How to define authorization needs of a component for Ranger integration? • How to enforce authorization policies for component? • Custom extension • Demo on Sample Application • A simple application with Ranger Authorization
  • 4. 4 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Authorization and Auditing w/ Ranger HDFS Ranger Administration Portal HBase Hive Server2 Ranger Policy Store Ranger Audit Store Ranger Plugin HadoopComponents Enterprise Users Ranger Plugin Ranger Plugin Legacy Tools & Data Governance Integration API Knox Storm Ranger Plugin Ranger Plugin EnterpriseServices:Security KafkaRanger Plugin Solr Ranger Plugin YarnRanger Plugin Log4j HDFS Solr
  • 5. 5 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Admin Service Manager • Delivers a ‘single pane of glass’ for the security administrator • Centralizes administration of security policy • Ensures consistent coverage across the entire Hadoop stack
  • 6. 6 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Policy - HBase Allow group “analyst” to have READ access to Order Table and OrderDetails Column Family
  • 7. 7 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Auditing • Ranger plugins generate detailed audit logs for accesses to protected resources. Audit logs include details like: user, resource, type of access, time of access, client IP address, access-result, ID of the policy that allowed/denied the access • Audit logs to one or more destinations – Solr, HDFS, Log4j, ... • Interactive view of audit logs using Ranger Admin
  • 8. 8 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Tag based policy Classification based security on cross-component data assets
  • 9. 9 © Hortonworks Inc. 2011 – 2017. All Rights Reserved What does it take to enable my component with ranger? • Service Definition • Defined in a JSON and registered in Ranger Admin • Backbone of the Ranger Stack Model • Ranger Plugin • Provides the necessary interfaces for Authorization and Auditing • Component implements glue code
  • 10. 10 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Software Architecture • Stack Model • Data driven model • Interpreter of the access-control profile (Service Definition) of the component • Result • Component specific GUI for policy authoring • Policy validation • Policy execution engine • Policy driven Enforcement of access control and Audit logs
  • 11. 11 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger Process Architecture and Modules : Refresher Policy Authoring Policy Validation Policy persistence Policy Synchronization Policy Evaluation Engine Audit Infrastructure Glue code Ranger Admin Component
  • 12. 12 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Ranger-Enabling a component Component Service Definition Component with Glue code Ranger Enabled Component
  • 13. 13 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Service Definition • Component’s authorization requirements • What are the resources ? • What are the access operations ? • Advanced Features • Context Enrichment (tag-servicedef) • Dynamic policy conditions (hive-servicedef) • GUI Presentation and rendering • Defined in a JSON for each service. • Stored in Ranger DB • Creating Service Definition • curl call to add the service definition in the Ranger admin curl -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X POST http://node-1.example.com:6080/service/public/v2/api/servicedef -d @sampleapp.json
  • 14. 14 © Hortonworks Inc. 2011 – 2017. All Rights Reserved • Description of component • Resources • File/directory • Access Types • Read/Write/Execute • Context Enrichers • Dynamic Policy conditions Demo Component
  • 15. 15 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Service Definition JSON
  • 16. 16 © Hortonworks Inc. 2011 – 2017. All Rights Reserved • RangerAccessRequest / RangerAccessRequestImpl • RangerAccessResource / RangerAccessResourceImpl • RangerAccessResultProcessor / RangerDefaultAuditHandler • RangerBasePlugin Glue Code Interfaces Component Plugin Request / Resource Result Processor Policy Engine Authorization Interface Policy refresher
  • 17. 17 © Hortonworks Inc. 2011 – 2017. All Rights Reserved SampleApp: Authorizer interface
  • 18. 18 © Hortonworks Inc. 2011 – 2017. All Rights Reserved SampleApp: Ranger Authorizer implementation
  • 19. 19 © Hortonworks Inc. 2011 – 2017. All Rights Reserved Apache Ranger: how to contribute? • Ranger Home : http://ranger.apache.org • Ranger Wiki : https://cwiki.apache.org/confluence/display/RANGER • Ranger JIRAs : https://issues.apache.org/jira/browse/RANGER • Project Mailing Lists • Users : [email protected] • Developers : [email protected] • Commits : [email protected]

Editor's Notes

  • #3: We have a lot to cover, want to apologize in advance
  • #4: We have a lot to cover, want to apologize in advance
  • #5: We have a lot to cover, want to apologize in advance
  • #6: We have a lot to cover, want to apologize in advance
  • #7: We have a lot to cover, want to apologize in advance
  • #8: We have a lot to cover, want to apologize in advance
  • #9: We have a lot to cover, want to apologize in advance
  • #10: We have a lot to cover, want to apologize in advance
  • #14: We have a lot to cover, want to apologize in advance
  • #16: We have a lot to cover, want to apologize in advance
  • #20: We have a lot to cover, want to apologize in advance