| {"version":3,"sources":["/home/madhan/Apache/git/atlas/docs/target/src/documents/Security/AtlasRangerAuthorizer.md","/home/madhan/Apache/git/atlas/docs/target/theme/components/shared/Img/index.js","/home/madhan/Apache/git/atlas/docs/target/theme/styles/styled-colors.js"],"names":["layoutProps","MDXContent","components","props","mdxType","parentName","wrapLines","language","style","theme","alt","src","width","isMDXComponent","Img","height","baseUrl","useConfig","boxShadow","WebkitBoxShadow","MozBoxShadow","dark","hljs","color"],"mappings":"uoBAYMA,EAAc,GAIL,SAASC,EAAW,GAG/B,IAFFC,EAAU,EAAVA,WACGC,EAAK,iBAER,OAAO,cALS,UAKC,iBAAKH,EAAiBG,EAAK,CAAED,WAAYA,EAAYE,QAAQ,cAE5E,oBACE,GAAM,2BAAyB,2BAEjC,oBACE,GAAM,8DAA4D,8DAEpE,yCAAsB,mBAAGC,WAAW,IAChC,KAAQ,wBAAsB,6BACI,gRAGtC,oBACE,GAAM,0BAAwB,0BAEhC,iIACA,wBACE,oBAAIA,WAAW,MAAI,gFAErB,cAAC,IAAiB,CAACC,WAAW,EAAMC,SAAS,QAAQC,MAAOC,IAAYL,QAAQ,qBAAmB,gCAGnG,+JAEA,wBACE,oBAAIC,WAAW,MAAI,gFACjB,oBAAIA,WAAW,MACb,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,kCAAgD,qCAC/F,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,kCAAgD,oCAAqC,8BAAW,QAC/I,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,kCAAgD,qCAAsC,8BAAW,WAItJ,wBACE,oBAAIA,WAAW,MAAI,4PACjB,oBAAIA,WAAW,MACb,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,mCAAiD,2BAChG,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,mCAAiD,8BAChG,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,mCAAiD,6BAChG,oBAAIA,WAAW,MAAK,4BAAYA,WAAW,MAAI,mCAAiD,2BAItG,oBACE,GAAM,6DAA2D,6DAEnE,iQAEA,wBACE,oBAAIA,WAAW,MAAK,wBAAQA,WAAW,MAAI,WAE7C,8HACA,cAAC,IAAG,CAACK,IAAI,2CAA2CC,IAAG,wCAA2CC,MAAM,MAAMR,QAAQ,QACtH,yBACA,wBACE,oBAAIC,WAAW,MAAK,wBAAQA,WAAW,MAAI,YAE7C,2JACA,cAAC,IAAG,CAACK,IAAI,6CAA6CC,IAAG,2CAA8CC,MAAM,MAAMR,QAAQ,QAC3H,yBACA,wBACE,oBAAIC,WAAW,MAAK,wBAAQA,WAAW,MAAI,oBAA8B,oGAG3E,cAAC,IAAG,CAACK,IAAI,4CAA4CC,IAAG,wCAA2CC,MAAM,MAAMR,QAAQ,QACvH,yBACA,oBACE,GAAM,8DAA4D,8DAEpE,ybAIA,cAAC,IAAG,CAACM,IAAI,uBAAuBC,IAAG,iCAAoCC,MAAM,MAAMR,QAAQ,SAE9F,qMAEDH,EAAWY,gBAAiB,G,sEClG5B,+EAuCeC,IAnBHX,IACX,MAAM,IAAEQ,EAAG,MAAEC,EAAK,OAAEG,GAAWZ,GACzB,QAAEa,GAAYC,sBAMpB,OACC,2BACC,uBAC6BT,MART,CACtBU,UAAW,6FACIC,gBAAiB,4FACjBC,aAAc,6FAM1BT,IAAM,GAAEK,IAAUL,IAClBI,OAAS,IAAEA,GAAU,QACrBH,MAAQ,IAAEA,GAAS,a,+DClCvB,iFAqBAS,IAAKC,KAAKC,MAAQ,UACHF,MAAI","file":"static/js/documents-security-atlas-ranger-authorizer.aa5d41ab.js","sourcesContent":["\nimport React from 'react'\nimport { mdx } from '@mdx-js/react'\n\n/* @jsxRuntime classic */\n/* @jsx mdx */\nimport themen from 'theme/styles/styled-colors';\nimport * as theme from 'react-syntax-highlighter/dist/esm/styles/hljs';\nimport SyntaxHighlighter from 'react-syntax-highlighter';\nimport Img from 'theme/components/shared/Img'\n\n\nconst layoutProps = {\n \n};\nconst MDXLayout = \"wrapper\"\nexport default function MDXContent({\n components,\n ...props\n}) {\n return <MDXLayout {...layoutProps} {...props} components={components} mdxType=\"MDXLayout\">\n\n <h1 {...{\n \"id\": \"atlas-ranger-authorizer\"\n }}>{`Atlas Ranger Authorizer`}</h1>\n <h2 {...{\n \"id\": \"setting-up-apache-atlas-to-use-apache-ranger-authorization\"\n }}>{`Setting up Apache Atlas to use Apache Ranger Authorization`}</h2>\n <p>{`As detailed in `}<a parentName=\"p\" {...{\n \"href\": \"#/AuthorizationModel\"\n }}>{`Atlas Authorization Model`}</a>{`, Apache Atlas supports pluggable authorization\nmodel. Apache Ranger provides an authorizer implementation that uses Apache Ranger policies for authorization. In\naddition, the authorizer provided by Apache Ranger audits all authorizations into a central audit store.`}</p>\n <h3 {...{\n \"id\": \"configure-apache-atlas\"\n }}>{`Configure Apache Atlas`}</h3>\n <p>{`To configure Apache Atlas to use Apache Ranger authorizer, please follow the instructions given below:`}</p>\n <ul>\n <li parentName=\"ul\">{`Include the following property in atlas-application.properties config file:`}</li>\n </ul>\n <SyntaxHighlighter wrapLines={true} language=\"shell\" style={theme.dark} mdxType=\"SyntaxHighlighter\">\n {`atlas.authorizer.impl=ranger`}\n </SyntaxHighlighter>\n <p>{` If you use Apache Ambari to deploy Apache Atlas and Apache Ranger, enable Atlas plugin in configuration pages for\nApache Ranger.`}</p>\n <ul>\n <li parentName=\"ul\">{`Include libraries of Apache Ranger plugin in libext directory of Apache Atlas`}\n <ul parentName=\"li\">\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas installation directory>`}</inlineCode>{`/libext/ranger-atlas-plugin-impl/`}</li>\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas installation directory>`}</inlineCode>{`/libext/ranger-atlas-plugin-shim-`}<version />{`.jar`}</li>\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas installation directory>`}</inlineCode>{`/libext/ranger-plugin-classloader-`}<version />{`.jar`}</li>\n </ul>\n </li>\n </ul>\n <ul>\n <li parentName=\"ul\">{`Include configuration files for Apache Ranger plugin in configuration directory of Apache Atlas - typically under /etc/atlas/conf directory. For more details on configuration file contents, please refer to appropriate documentation in Apache Ranger.`}\n <ul parentName=\"li\">\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas configuration directory>`}</inlineCode>{`/ranger-atlas-audit.xml`}</li>\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas configuration directory>`}</inlineCode>{`/ranger-atlas-security.xml`}</li>\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas configuration directory>`}</inlineCode>{`/ranger-policymgr-ssl.xml`}</li>\n <li parentName=\"ul\"><inlineCode parentName=\"li\">{`<Atlas configuration directory>`}</inlineCode>{`/ranger-security.xml`}</li>\n </ul>\n </li>\n </ul>\n <h3 {...{\n \"id\": \"apache-ranger-authorization-policy-model-for-apache-atlas\"\n }}>{`Apache Ranger authorization policy model for Apache Atlas`}</h3>\n <p>{`Apache Ranger authorization policy model for Apache Atlas supports 3 resource hierarchies, to control access to: types,\nentities and admin operations. Following images show various details of each type of policy in Apache Ranger.`}</p>\n <ul>\n <li parentName=\"ul\"><strong parentName=\"li\">{`Types`}</strong></li>\n </ul>\n <p>{`Following authorization policy allows user 'admin' to create/update/delete any classification type.`}</p>\n <Img alt=\"Apache Ranger policy for type operations\" src={`/images/twiki/ranger-policy-types.png`} width=\"600\" mdxType=\"Img\" />\n <hr></hr>\n <ul>\n <li parentName=\"ul\"><strong parentName=\"li\">{`Entity`}</strong></li>\n </ul>\n <p>{`Following authorization policy allows user 'admin' perform all operations on metadata entities of Hive database named \"my_db\".`}</p>\n <Img alt=\"Apache Ranger policy for entity operations\" src={`/images/twiki/ranger-policy-entities.png`} width=\"600\" mdxType=\"Img\" />\n <hr></hr>\n <ul>\n <li parentName=\"ul\"><strong parentName=\"li\">{`Admin Operations`}</strong>{`\nFollowing authorization policy allows user 'admin' to perform export/import admin operations.`}</li>\n </ul>\n <Img alt=\"Apache Ranger policy for admin operations\" src={`/images/twiki/ranger-policy-admin.png`} width=\"600\" mdxType=\"Img\" />\n <hr></hr>\n <h3 {...{\n \"id\": \"apache-ranger-access-audit-for-apache-atlas-authorizations\"\n }}>{`Apache Ranger access audit for Apache Atlas authorizations`}</h3>\n <p>{`Apache Ranger authorization plugin generates audit logs with details of the access authorized by the plugin. The details\ninclude the object accessed (e.g. hive_table with ID cost_savings.claim_savings@cl1), type of access performed (e.g.\nentity-add-classification, entity-remove-classification), name of the user, time of access and the IP address the access\nrequest came from - as shown in the following image.`}</p>\n <Img alt=\"Apache Ranger audit \" src={`/images/twiki/ranger-audit.png`} width=\"800\" mdxType=\"Img\" />\n </MDXLayout>;\n}\n;\nMDXContent.isMDXComponent = true;","/**\n * Licensed to the Apache Software Foundation (ASF) under one\n * or more contributor license agreements. See the NOTICE file\n * distributed with this work for additional information\n * regarding copyright ownership. The ASF licenses this file\n * to you under the Apache License, Version 2.0 (the\n * \"License\"); you may not use this file except in compliance\n * with the License. You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport * as React from \"react\";\nimport { useConfig } from \"../../../../docz-lib/docz/dist\";\nconst Img = props => {\n\tconst { src, width, height } = props;\n\tconst { baseUrl } = useConfig();\n const styles = {\n\tboxShadow: \"0 2px 2px 0 rgba(0,0,0,0.14), 0 3px 1px -2px rgba(0,0,0,0.12), 0 1px 5px 0 rgba(0,0,0,0.2)\",\n WebkitBoxShadow: \"0 2px 2px 0 rgba(0,0,0,0.14) 0 3px 1px -2px rgba(0,0,0,0.12), 0 1px 5px 0 rgba(0,0,0,0.2)\",\n MozBoxShadow: \"0 2px 2px 0 rgba(0,0,0,0.14) 0 3px 1px -2px rgba(0,0,0,0.12), 0 1px 5px 0 rgba(0,0,0,0.2)\"\n }\n\treturn (\n\t\t<div>\n\t\t\t<img\n style={styles}\n\t\t\t\tsrc={`${baseUrl}${src}`}\n\t\t\t\theight={`${height || \"auto\"}`}\n\t\t\t\twidth={`${width || \"100%\"}`}\n\t\t\t/>\n\t\t</div>\n\t);\n};\nexport default Img;\n","/**\n * Licensed to the Apache Software Foundation (ASF) under one\n * or more contributor license agreements. See the NOTICE file\n * distributed with this work for additional information\n * regarding copyright ownership. The ASF licenses this file\n * to you under the Apache License, Version 2.0 (the\n * \"License\"); you may not use this file except in compliance\n * with the License. You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { dark } from \"react-syntax-highlighter/dist/esm/styles/hljs\";\n\n//dark[\"powershell\"][\"color\"] = \"#37bb9b\";\ndark.hljs.color = \"#37bb9b\";\nexport default dark;"],"sourceRoot":""} |