Configuring Apache Ranger with Arcadia

All of the Ranger configurations for Arcadia are done via Ambari within the Arcadia configuration page, and also the Apache Ranger portal:

Arcadia Configuration:

  1. Enable “Enable Apache Ranger Support”

  1. Make sure “Proxy User Config” is set to arcadia=*

Ranger Configuration:

  1. Edit the Hive policy configuration properties

  1. Add user ‘arcadia’ to the Hive policy download/sync user lists

The “arcadia” user should be added to the following Hive policy configurations

tag.download.auth.users
policy.dowload.auth.users
policy.grantrevoke.auth.users
ambari.service.check.user

NOTE: Make sure you do NOT HAVE any spaces between hive & arcadia users when you update these configurations.

hive,arcadia   --- OK
hive, arcadia  --- NOT OK

  1. Open the policy rules for Hive

  1. Add “arcadia” user to the appropriate Hive ACL rule(s) so Arcadia can access all databases, tables, columns, udfs, etc.

  1. Open the policy rules for HDFS

  1. Add “arcadia” user to the appropriate HDFS ACL rule so Arcadia can access all data directory paths

Enable User Impersonation from Arcadia UI

Checking the “Impersonation” option inside your Arcadia Connection will enable an Arcadia Analytics Engine flag for delegation / impersonation when executing queries from the Arcadia Visualization Server so that users can only access the databases, tables, etc. that they’ve been designated to according to the Hive and HDFS policies:

1 Like