Using Apache Ranger on Hortonworks

Availability Note. This feature relates to Hortonworks installations.

Arcadia Enterprise supports both authorization and auditing with Ranger. For details about them, see the following articles:

Enabling Arcadia Enterprise in Ranger

To ensure that Ranger allows Arcadia access to Hive objects, and to enable Arcadia audit logging in HDFS, you must add the appropriate policies in the Ranger interface. Ensure that you set the following parameters:

  • Policy Name is arcadia_audit, set to enabled.
  • Resource Path is /ranger/audit, set to recursive.
  • Audit Logging is set to Yes.
  • Under Allowed Conditions, Select User arcadia, and set Permissions to write.
  • Click Save.
Enabling Arcadia in Ranger

Installation

The installer correctly configures Apache Ranger auditing and authorization in most default settings. In cases where the default configuration does not work, the Ambari configuration panes let us modify the two configuration files, ranger-arcengine-security.xml and ranger-arcengine-audit.xml.

You can enable Apache Ranger when installing or upgrading Arcadia Enterprise through Ambari Stacks. The XML settings generate automatically, based on Hive configuration:

  • Enable Apache Ranger Support
  • Ranger Audit Configuration
  • Ranger Security Configuration

To enable logging, you can make the following changes:

  • Solr Audit Logging

    To enable Solr Audit logging, change xasecure.audit.destirion.solr to true.

  • HDFS Audit Logging

    To enable HDFS Audit logging, change xasecure.audit.destination.hdfs to true.

  • Other Parameters

    All other parameters are based on Hive Audit logging configurations; you can change them manually.

Related content: