Security
Also available as:
PDF
loading table of contents...
Automatically Assign ADMIN/KEYADMIN Role for External Users

About this task

You can use usersync to mark specific external users, or users in a specific external group, with ADMIN or KEYADMIN role within Ranger. This is useful in cases where internal users are not allowed to login to Ranger.

Steps

  1. From Ambari>Ranger>Configs>Advanced>Custom ranger-ugsync-site, select Add Property.

  2. Add the following properties:

    • ranger.usersync.role.assignment.list.delimiter = &

      The default value is &.

    • ranger.usersync.users.groups.assignment.list.delimiter = :

      The default value is :.

    • ranger.usersync.username.groupname.assignment.list.delimiter = ,

      The default value is ,.

    • ranger.usersync.group.based.role.assignment.rules = ROLE_SYS_ADMIN:u:userName1,userName2&ROLE_SYS_ADMIN:g:groupName1,groupName2&ROLE_KEY_ADMIN:u:userName&ROLE_KEY_ADMIN:g:groupName&ROLE_USER:u:userName3,userName4&ROLE_USER:g:groupName

  3. Click Add.

  4. Restart Ranger.

Example

ranger.usersync.role.assignment.list.delimiter = &
ranger.usersync.users.groups.assignment.list.delimiter = :
ranger.usersync.username.groupname.assignment.list.delimiter = ,
ranger.usersync.group.based.role.assignment.rules : &ROLE_SYS_ADMIN:u:ldapuser_12,ldapuser2