Providing Authorization with Apache Ranger
Also available as:
PDF
loading table of contents...

Configure a Resource-based Policy: YARN

How to add a new policy to an existing YARN service.

  1. On the Service Manager page, select an existing service under YARN.

    On the Ranger home, a specific service highlighted under a component.
    The List of Policies page appears.
    List of Policies of an example service.
  2. Click Add New Policy.
    The Create Policy page appears.
    Ranger > Create Policy page.
  3. Complete the Create Policy page as follows:
    Table 1. Policy Details
    Field Description
    Policy Name Enter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory.
    Queue The fundamental unit of scheduling in yarn.
    Recursive You can indicate whether all files or folders within the existing folder comes under the policy. Can be used instead of wildcard characters.
    Description (Optional) Describe the purpose of the policy.
    Audit Logging Specify whether this policy is audited. (De-select to disable auditing).
    Policy Label Specify a label for this policy. You can search reports and filter policies based on these labels.
    Table 2. Allow Conditions

    Label

    Description

    Select Group

    Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify Admin permissions. (Administrators can create child policies based on existing policies).

    The public group contains all users, so granting access to the public group grants access to all users.

    Select User Specify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies).
    Permissions Add or edit permissions: Read, Write, Create, Admin, Select/Deselect All.
    Delegate Admin When a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy).
  4. Click Add.