Sridhar, If you need to replace the authorization within your application, and leverage policies within Ranger, then you need to build a custom plugin for your application.
See if this can help http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.2.0/Ranger_Adding_New_v 22/index.html#Item1.2 On 1/13/15, 9:28 PM, "Sridhar S" <[email protected]> wrote: >Hi Alok, > Much appreciate your response. > Yes, i meant HDFS DFS. Currently my application UI lets users define >ACLs >for different types of data. Data of a given type is either >allowed or disallowed for a given user for decryption of encrypted data. >Encryption and Decryption is done via map reduce and the results stored in >DFS. > If allowed, the user would be able to decrypt the data else he would just >get >the encrypted data back when attempting to do decryption. Now, i am >trying >to provide the ACL definition facility via Ranger portal >and use the Ranger DB to store the ACL policies.Do i need to define a >custom plugin to pull these policies from Ranger portal and >then enforce the ACLs? What are the steps i need to follow? I seek your >continued help in this. >Sridhar > > >On Wed, Jan 14, 2015 at 12:21 AM, Alok Lal <[email protected]> wrote: > >> Can you explain your use case a bit please? >> >> I am attempting to enhance Ranger with my own ACLs which are currently >> > being used for encryption decryption operations performed in hadoop. >> > >> >> I trust when you say hadoop you mean the HDFS DFS. Right? Where are >>you >> current ACLs? Are you looking to replicate the ACL that are used for >> encryption to also be used for access, too? Or are you trying to use >> Ranger policies to enforce encryption/decryption? >> >> On Tue, Jan 13, 2015 at 1:06 AM, Sridhar S <[email protected]> >> wrote: >> >> > Hi, >> > I am attempting to enhance Ranger with my own ACLs which are >>currently >> > being used for encryption decryption operations performed in hadoop. >>Any >> > help on pointers to which parts of the code should i be looking at >>would >> > be much appreciated. >> > Sridhar >> > >> >> >> >> -- >> "* ... there is nothing more secure then a computer which is not >>connected >> to the network --- and powered off!...*" - from Kerberos Introduction >> <http://web.mit.edu/Kerberos/www/#what_is> >> >> -- >> CONFIDENTIALITY NOTICE >> NOTICE: This message is intended for the use of the individual or >>entity to >> which it is addressed and may contain information that is confidential, >> privileged and exempt from disclosure under applicable law. If the >>reader >> of this message is not the intended recipient, you are hereby notified >>that >> any printing, copying, dissemination, distribution, disclosure or >> forwarding of this communication is strictly prohibited. If you have >> received this communication in error, please contact the sender >>immediately >> and delete it from your system. Thank You. >> > >-- >CONFIDENTIALITY NOTICE >NOTICE: This message is intended for the use of the individual or entity >to >which it is addressed and may contain information that is confidential, >privileged and exempt from disclosure under applicable law. If the reader >of this message is not the intended recipient, you are hereby notified >that >any printing, copying, dissemination, distribution, disclosure or >forwarding of this communication is strictly prohibited. If you have >received this communication in error, please contact the sender >immediately >and delete it from your system. Thank You.
