Create ranger-spark-audit.xml
in $SPARK_HOME/conf
and add the following configurations to enable/disable auditing.
<configuration> <property> <name>xasecure.audit.is.enabled</name> <value>true</value> </property> <property> <name>xasecure.audit.destination.db</name> <value>false</value> </property> <property> <name>xasecure.audit.destination.db.jdbc.driver</name> <value>com.mysql.jdbc.Driver</value> </property> <property> <name>xasecure.audit.destination.db.jdbc.url</name> <value>jdbc:mysql://10.171.161.78/ranger</value> </property> <property> <name>xasecure.audit.destination.db.password</name> <value>rangeradmin</value> </property> <property> <name>xasecure.audit.destination.db.user</name> <value>rangeradmin</value> </property> </configuration>
You can configure spark.sql.extensions
with the *Extension
we provided. For example, spark.sql.extensions=org.apache.submarine.spark.security.api.RangerSparkAuthzExtension
Currently, you can set the following options to spark.sql.extensions
to choose authorization w/ or w/o extra functions.
option | authorization | row filtering | data masking |
---|---|---|---|
org.apache.submarine.spark.security.api.RangerSparkAuthzExtension | √ | × | × |
org.apache.submarine.spark.security.api.RangerSparkSQLExtension | √ | √ | √ |