There is very limited support for multi-tenancy. The user table in the database has the concept of “user source”. But the upstream doesn't do the required access check. Adding support will require updating the policy edit page to filter out users based on the cluster/tenant. If you are planning to give access to Ranger Admin to your tenants, then you should also filter out audit logs based on the cluster.

I don't think this task is on the radar. So you will have to hack around on your own. If you don't want to mess with Ranger Admin code, then you can just use the API to create the policies and have your tool manage the policies. And you might want to write your own user/group provisioning code and call the UserSync API to populate the DB.

On the plugin side, it shouldn't matter because it relies on the component to do the authentication and to get the user groups.

Bosco

From: Goden Yao <[email protected]>
Reply-To: <[email protected]>
Date: Monday, February 13, 2017 at 5:49 PM
To: <[email protected]>
Subject: Re: Does Ranger support multi-cluster deployment

What if user/groups are different across each cluster?

On Mon, Feb 13, 2017 at 5:11 PM Don Bosco Durai <[email protected]> wrote:

Yes. If you are using manual install, then it should just work because you will be having one Ranger Admin/Portal install and you will be installing the Ranger plugins on each component on all the clusters.

If you are using Ambari, then you can have Ranger Portal on one of the clusters and all the components within the cluster will be automatically configured. But for your other clusters, you will have to manually install/configure the Ranger plugins. This might be a little painful, but it should be possible to do it with some hacks on the Ambari side.

There is one caveat. The users/groups should be the same in each cluster.

Bosco

From: Goden Yao <[email protected]>
Reply-To: <[email protected]>
Date: Monday, February 13, 2017 at 3:58 PM
To: <[email protected]>
Subject: Does Ranger support multi-cluster deployment

Hi

If I have multiple separate hadoop clusters, can I set up one ranger server (out of these clusters) to manage them all?

-Goden
-- Goden
-- Goden
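
The external policy tool suggested in the thread could enforce the missing tenant check itself before calling Ranger Admin. The following is an added example, not code from the thread or from the Ranger project: the tenant map, the `tenant:name` naming convention, the host name and the service name are assumptions; the endpoint path is Ranger's public v2 policy API.

```python
import json
import urllib.request

# Constructed sample data: which users belong to which tenant (cluster).
# A real tool would load this from its own provisioning source.
TENANT_USERS = {
    "cluster-a": {"alice", "bob"},
    "cluster-b": {"carol"},
}

def build_policy(tenant, service, name, paths, users, accesses):
    """Return a Ranger policy dict, refusing users outside the tenant.

    This is the access check Ranger Admin does not perform: a policy
    for one tenant may only name users provisioned for that tenant.
    """
    allowed = TENANT_USERS.get(tenant)
    if allowed is None:
        raise ValueError(f"unknown tenant: {tenant}")
    foreign = sorted(set(users) - allowed)
    if foreign:
        raise PermissionError(f"users not in {tenant}: {foreign}")
    return {
        "service": service,
        # Hypothetical convention: prefix names so tenants cannot collide.
        "name": f"{tenant}:{name}",
        "isEnabled": True,
        "resources": {"path": {"values": list(paths), "isRecursive": True}},
        "policyItems": [{
            "users": sorted(users),
            "accesses": [{"type": a, "isAllowed": True} for a in accesses],
        }],
    }

def policy_request(admin_url, policy):
    """Build (not send) the POST that creates the policy in Ranger Admin.

    Authentication is left to the caller; only the tool's service
    account, never a tenant, should hold Ranger Admin credentials.
    """
    return urllib.request.Request(
        admin_url.rstrip("/") + "/service/public/v2/api/policy",
        data=json.dumps(policy).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
```
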
