If you have created a CustomService, and if you want to authorize the access of components/resources in your CustomService, then you need to have default authorizer in your CustomService to do authorization, which you will extend in your Ranger custom plugin and will be called when your CustomService needs authorization check.
For logging, as you had seen it uses log4j you can have log4j appender in the log4.properties and get the log, all hadoop components have their log4j properties file where it specify the location it puts the log. By default it is /var/log/hadoop/ for hadoop. From: Aruna Sivaram <sivaram.ar...@gmail.com<mailto:sivaram.ar...@gmail.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Wednesday, December 9, 2015 at 9:45 PM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Queries on the developement for a new custom plugin I am using ranger 0.5 for the access control. We are planning to develop a custom plugin which we plan to integrate with the ranger framework. This custom plugin will be used for access control of our components. In order to explore this possibility, i have written a custom plugin as per the example given in the link https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207 Since this is a custom plugin, my authoriser class (CustomServiceAuthoriser), will not be extending any of the hadoop security classes (Eg in case of storm or hive, the RangerStormAuthoriser implements IAuthorizer and RangerYarnAuthorizer extends YarnAuthorizationProvider. I have created the repository and policies for the same through the rest web service. I have written the custom service authoriser as per the example and deployed the same on the sandbox. I have a service named CustomService. What i wanted to know is how the customservice will communicate with my customserviceauthoriser which is contained in my plugin. Currently i dont find any documentation which talks about the mode of communication or rather how the plugin class will be invoked by the service. I am relatively new to ranger so may be I am missing something ? Also, i would like to know the location of the log where each of the plugin classes would be logging. This will help us in debugging the flow. I see a lot of log statements in the ranger plugin code base but am unable to find the location of the logs. Secondly, can ranger be used to develop custom plugins for access control of non hadoop components? Any help from your end would be appreciated -- Regards Aruna Sivaram
