Repository: incubator-hawq-docs Updated Branches: refs/heads/develop 98a7ba068 -> 2b722e8ab
Add link to main Ranger docs; Add limitation that group policies not supported in this release Project: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/commit/2b722e8a Tree: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/tree/2b722e8a Diff: http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/diff/2b722e8a Branch: refs/heads/develop Commit: 2b722e8abd523762ad2382058219541f9b3733ee Parents: 98a7ba0 Author: David Yozie <[email protected]> Authored: Mon Apr 3 11:26:59 2017 -0700 Committer: David Yozie <[email protected]> Committed: Mon Apr 3 11:26:59 2017 -0700 ---------------------------------------------------------------------- markdown/ranger/ranger-overview.html.md.erb | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-hawq-docs/blob/2b722e8a/markdown/ranger/ranger-overview.html.md.erb ---------------------------------------------------------------------- diff --git a/markdown/ranger/ranger-overview.html.md.erb b/markdown/ranger/ranger-overview.html.md.erb index 01b6e90..4659b38 100644 --- a/markdown/ranger/ranger-overview.html.md.erb +++ b/markdown/ranger/ranger-overview.html.md.erb @@ -23,6 +23,7 @@ under the License. HAWQ supports using Apache Ranger for authorizing user access to HAWQ resources. Using Ranger enables you to manage all of your Hadoop components' authorization policies using the same user interface, policy store, and auditing stores. +See the [Apache Ranger documentation](http://ranger.apache.org/) for more information about the core functionality of Ranger. ## <a id="arch"></a>Policy Management Architecture @@ -41,15 +42,7 @@ Neither Kerberos authentication nor SSL encryption is supported between a HAWQ n The Ranger plug-in service is not compatible with Highly-Available HAWQ deployments. Should you need to activate the standby master in your HAWQ cluster, you must manually update the HAWQ Ranger service definition with the new master node connection information. -HAWQ supports setting user-level authorization policies with Ranger. These correspond to access policies that would typically be applied using the SQL `GRANT` command, and include authorization events for: - -- Databases -- Schemas -- Tables -- Sequences -- Functions -- Languages -- Protocols +Ranger User Group policies cannot be used with HAWQ in this release. Only User Policies are currently supported. Some authorization checks for superuser-restricted authorization events are handled by HAWQ natively, even when Ranger integration is enabled. See [HAWQ-Native Authorization](ranger-policy-creation.html#alwaysnative).
