Configure Ranger to restrict access to DPS
You must configure a Ranger policy for the new Knox topology, in order to restrict access to only authorized users of DPS.
- Navigate to the Ranger UI.
Click Access Manager, and then click the Knox repository
link, for example:
- Click Add New Policy, and then enter the following values:
Parameter Value Policy Type Access Knox Topology token Knox Service *
- Enter groups or user names in Select Group or Select User.
Optional: Under Policy Conditions click Add Condition and
enter the IP addresses of the DPS host.
This adds an IP-based filter to ensure that only known DPS Core hosts can access cluster services through the token topology.
- Under Permissions, click Add Permission and select Allow.