Ranger Auditing on Kerberized Clusters with a Custom Arcadia Service Account

You can configure a custom Arcadia service account based on existing Hive Ranger Auditing settings.

To change an Arcadia user name and user group to a custom Arcadia Service user name and user group, see Arcadia Service Account.

This topic includes the following sections:

Configure Arcadia Services

To configure Arcadia service to automatically use existing Hive Ranger Auditing settings, follow these steps:

  1. In the Advanced arcadia-analytic-engine section, select the Enable Apache Ranger Support option.

    Enable Apache Ranger Support
  2. Restart Arcadia Services.

Configure Solr

On the Ambari interface, navigate to Ambari Infra > Configs > Advanced infra-solr-security-json > Ranger audit service users and add Arcadia in the list of users.

Configuring Arcadia on Solr
Configuring Arcadia on Solr

Configure Ranger Settings

Follow these steps to sync Ranger auditing and policies for Arcadia:

  1. Hive Settings in Ranger
    • To add an Arcadia service account user to Hive Policy Repo configuration, follow these steps:
      • Switch to the Ranger Admin interface.

      • Under Edit Services, in Config Properties, add to the list of users in the Value column under Add New Configurations option. In our example, we added hive,custarcuser1.

      Adding an Arcadia Service Account User in Ranger Settings
      Add an Arcadia Service Account User to Hive Policy
    • Add an Arcadia service account user to Hive ACL rules. In our example, we added custarcuser1 to Policy ID 2.

      Add an Arcadia service account user to Hive ACL rules
      Add an Arcadia Service Account User to Hive ACL Rules
  2. HDFS Settings in Ranger
    • To add an Arcadia service account user to HDFS Policy Repo configuration, follow these steps:
      • Switch to the Ranger Admin interface.

      • Under Edit Services, in Config Properties, add to the list of users in the Value column under Add New Configurations option. In our example, we added hdfs,custarcuser1.

      Add an Arcadia Service Account User to HDFS Policy
      Add an Arcadia Service Account User to HDFS Policy
    • Add an Arcadia service account user to HDFS ACL rules. In our example, we added custarcuser1 to Policy ID 1.

      Add an Arcadia Service Account User to Hive ACL Rules
      Add an Arcadia Service Account User to Hive ACL Rules
    • Check the Audit interface in Ranger, for the Arcadia Service Account User.

      Verifying Arcadia Service Account User in Ranger
      Verifying Arcadia Service Account User in Ranger