Repository: incubator-ranger Updated Branches: refs/heads/master 7e08cd9f2 -> 2c6554ca9
RANGER-914 - Website updates Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/2c6554ca Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/2c6554ca Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/2c6554ca Branch: refs/heads/master Commit: 2c6554ca9df6576a21efb1bf3c7f0b05b1cd9dfc Parents: 7e08cd9 Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Apr 14 10:36:51 2016 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Apr 29 10:53:24 2016 +0100 ---------------------------------------------------------------------- docs/src/site/fml/faq.fml | 66 ++++++++++++++++++------------------ docs/src/site/site.xml | 7 ++-- docs/src/site/xdoc/download.xml | 62 +++++++++++++++++++++++++++++++++ 3 files changed, 100 insertions(+), 35 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c6554ca/docs/src/site/fml/faq.fml ---------------------------------------------------------------------- diff --git a/docs/src/site/fml/faq.fml b/docs/src/site/fml/faq.fml index 107c13a..71d0c04 100644 --- a/docs/src/site/fml/faq.fml +++ b/docs/src/site/fml/faq.fml @@ -26,7 +26,7 @@ under the License. <question>What does Apache Ranger offer for Apache Hadoop and related components?</question> <answer> <p> - Apache Ranger offers a centralized security framework to manage fine grained access control over Hadoop and related components (Apache Hive, HBase etc.). Using Ranger administration console, users can easily manage policies around accessing a resource (file, folder, database, table, column etc) for a particular set of users and/or groups, and enforce the policies within Hadoop. They also can enable audit tracking and policy analytics for deeper control of the environment. Rangerâ solution also provides ability to delegate administration of certain data to other group owners, with an aim of decentralizing data ownership + Apache Ranger offers a centralized security framework to manage fine grained access control over Hadoop and related components (Apache Hive, HBase etc.). Using the Apache Ranger administration console, users can easily manage policies around accessing a resource (file, folder, database, table, column etc) for a particular set of users and/or groups, and enforce the policies within Hadoop. They also can enable audit tracking and policy analytics for deeper control of the environment. Apache Ranger also provides ability to delegate administration of certain data to other group owners, with an aim of decentralizing data ownership </p> </answer> </faq> @@ -53,7 +53,7 @@ under the License. <question>How does it work over Hadoop and related components</question> <answer> <p> - Apache Ranger' solution at the core has a centralized web application, which consists of the policy administration, audit and reporting modules. Authorized users will be able to manage their security policies using the web tool or using REST APIs. These security policies are enforced within Hadoop ecosystem using lightweight Ranger Java plugins, which run as part of the same process as the namenode (HDFS), Hive2Server(Hive), HBase server (Hbase), Nimbus server (Storm) and Knox server (Knox) respectively. Thus there is no additional OS level process to manage. + Apache Ranger at the core has a centralized web application, which consists of the policy administration, audit and reporting modules. Authorized users will be able to manage their security policies using the web tool or using REST APIs. These security policies are enforced within Hadoop ecosystem using lightweight Ranger Java plugins, which run as part of the same process as the namenode (HDFS), Hive2Server(Hive), HBase server (Hbase), Nimbus server (Storm) and Knox server (Knox) respectively. Thus there is no additional OS level process to manage. </p> </answer> </faq> @@ -61,7 +61,7 @@ under the License. <question>Is there a single point of failure?</question> <answer> <p> - No, Apache Ranger is not a Single Point of Failure. Ranger' plugins run within the same process as the component, e.g. NameNode for HDFS. These agents pull the policy-changes using REST API at a configured regular interval (e.g.: 30 second). The plugin is able to function even if the policy server is temporarily down and will provide the authorization enforcement. Also, the policy manager web application can be hosted on a HA infrastructure. (with multiple apache server, multiple tomcat servers and a standby database server w/o replication setup). + No, Apache Ranger is not a Single Point of Failure. Apache Ranger's plugins run within the same process as the component, e.g. NameNode for HDFS. These agents pull the policy-changes using REST API at a configured regular interval (e.g.: 30 second). The plugin is able to function even if the policy server is temporarily down and will provide the authorization enforcement. Also, the policy manager web application can be hosted on a HA infrastructure. (with multiple apache server, multiple tomcat servers and a standby database server w/o replication setup). </p> </answer> </faq> @@ -69,31 +69,31 @@ under the License. <part id="Apache Hadoop"> <title>Apache Hadoop</title> - <faq id="How does Ranger provide authorization in Apache Hadoop"> - <question>How does Ranger provide authorization in Apache Hadoop?</question> + <faq id="How does Apache Ranger provide authorization in Apache Hadoop"> + <question>How does Apache Ranger provide authorization in Apache Hadoop?</question> <answer> <p> - Ranger provides a plugin for Apache Hadoop, specifically for the NameNode as part of the authorization method. Ranger' plugin is in the path of the user request and is able to make a decision on whether the user request shoud be authorized. The plugin also collects access request details required for auditing + Apache Ranger provides a plugin for Apache Hadoop, specifically for the NameNode as part of the authorization method. The Apache Ranger plugin is in the path of the user request and is able to make a decision on whether the user request shoud be authorized. The plugin also collects access request details required for auditing </p> <p> - Ranger will enforce the security policies available in the policy database. Users can create a security policy for a specific set of resources (one or more folders and/or files) and assign specific set of permissions (e.g: read, write, execute) to a specific set of users and/or groups. The security policies are stored our policy manager and are independent from native permissions. + Apache Ranger will enforce the security policies available in the policy database. Users can create a security policy for a specific set of resources (one or more folders and/or files) and assign specific set of permissions (e.g: read, write, execute) to a specific set of users and/or groups. The security policies are stored in the policy manager and are independent from native permissions. </p> </answer> </faq> - <faq id="Does Ranger emulate native unix level permissions?"> - <question>Does Ranger emulated permissions at the unix level for Apache Hadoop?</question> + <faq id="Does Apache Ranger emulate native unix level permissions?"> + <question>Does Apache Ranger emulated permissions at the unix level for Apache Hadoop?</question> <answer> <p> - No, Ranger enforces authorization based on policies entered in the policy administration tool and does not emulate the permissions at the unix level. Ranger does provide a default feature to validate access using native hadoop file-level permissions if the Ranger policies do not cover the requested access + No, Apache Ranger enforces authorization based on policies entered in the policy administration tool and does not emulate the permissions at the unix level. Apache Ranger does provide a default feature to validate access using native hadoop file-level permissions if the Ranger policies do not cover the requested access </p> </answer> </faq> - <faq id="Do we need an Ranger plugin in each datanode?"> - <question>Does Ranger plugin need to be implemented in each datanode ?</question> + <faq id="Do we need an Apache Ranger plugin in each datanode?"> + <question>Does the Apache Ranger plugin need to be implemented in each datanode ?</question> <answer> <p> - No, Ranger plugin for Hadoop is only needed in the NameNode. + No, the Apache Ranger plugin for Hadoop is only needed in the NameNode. </p> </answer> @@ -102,20 +102,20 @@ under the License. </part> <part id="Apache Hive"> <title>Apache Hive</title> - <faq id="How does Ranger provide authorization in Apache Hive"> - <question>How does Ranger provide authorization in Apache Hive?</question> + <faq id="How does Apache Ranger provide authorization in Apache Hive"> + <question>How does Apache Ranger provide authorization in Apache Hive?</question> <answer> <p> - Ranger plugin is enabled in Hiveserver2 as part of the authorization + The Apache Ranger plugin is enabled in Hiveserver2 as part of the authorization </p> </answer> </faq> - <faq id="How does Ranger authorization compared to SQL standard authorization"> - <question>How does Ranger authorization compare to SQL standard authorization?</question> + <faq id="How does Apache Ranger authorization compare to SQL standard authorization"> + <question>How does Apache Ranger authorization compare to SQL standard authorization?</question> <answer> <p> - Apache Hive currently provides two methods of authorization, Storage based authorization and SQL standard authorization, which was introduced in Hive 13. SQL standard authorization provides grant/revoke functionality at database, table level. The commands would be familiar to a DBA admin. Ranger provides a centralized authorization interface for Hive and provides more granular access control at column level through the Hive plugin. Ranger also provides ability to use wildcard in resource names within the policy. + Apache Hive currently provides two methods of authorization, Storage based authorization and SQL standard authorization, which was introduced in Hive 13. SQL standard authorization provides grant/revoke functionality at database, table level. The commands would be familiar to a DBA admin. Apache Ranger provides a centralized authorization interface for Hive and provides more granular access control at column level through the Hive plugin. Ranger also provides ability to use wildcard in resource names within the policy. </p> </answer> </faq> @@ -124,41 +124,41 @@ under the License. <part id="Apache HBase"> <title>Apache HBase</title> - <faq id="How does Ranger provide authorization in Apache HBase"> - <question>How does Ranger provide authorization in Apache Hbase?</question> + <faq id="How does Apache Ranger provide authorization in Apache HBase"> + <question>How does Apache Ranger provide authorization in Apache Hbase?</question> <answer> <p> - Ranger provides a coprocessor which added to HBase, and includes the logic to perform authorization check and collect audit data. + Apache Ranger provides a coprocessor which is added to HBase, and includes the logic to perform authorization check and collect audit data. </p> </answer> </faq> </part> <part id="Apache Knox"> <title>Apache Knox</title> - <faq id="How does Ranger provide authorization in Apache Knox"> - <question>How does Ranger provide authorization in Apache Knox?</question> + <faq id="How does Apache Ranger provide authorization in Apache Knox"> + <question>How does Apache Ranger provide authorization in Apache Knox?</question> <answer> <p> - Apache Knox currently provides a service level authorization for users/groups. These acls are stored locally in a file. Ranger has built a plugin for Knox to enable administration of these policies through central UI/REST APIs as well as detailed auditing of Knox user access. + Apache Knox currently provides a service level authorization for users/groups. These acls are stored locally in a file. Apache Ranger has built a plugin for Knox to enable administration of these policies through central UI/REST APIs as well as detailed auditing of Knox user access. </p> </answer> </faq> </part> <part id="Apache Kafka"> <title>Apache Kafka</title> - <faq id="How does Ranger provide authorization in Apache Kafka"> - <question>How does Ranger provide authorization in Apache Kafka?</question> + <faq id="How does Apache Ranger provide authorization in Apache Kafka"> + <question>How does Apache Ranger provide authorization in Apache Kafka?</question> <answer> <p> - Security was introduced in Kafka in Kafka 0.9 version. Ranger can manage the Kafka ACLs per topic. Users can use Ranger to control who can write to a topic or read from a topic. In addition to providing policies by users and groups, Ranger also supports IP address based permissions to publish or subscribe. + Security was introduced in Apache Kafka 0.9. Apache Ranger can manage the Kafka ACLs per topic. Users can use Ranger to control who can write to a topic or read from a topic. In addition to providing policies by users and groups, Apache Ranger also supports IP address based permissions to publish or subscribe. </p> </answer> </faq> </part> <part id="Apache Solr"> <title>Apache Solr</title> - <faq id="How does Ranger provide authorization in Apache Solr"> - <question>How does Ranger provide authorization in Apache Solr?</question> + <faq id="How does Apache Ranger provide authorization in Apache Solr"> + <question>How does Apache Ranger provide authorization in Apache Solr?</question> <answer> <p> Similar to Apache Kafka, security in Apache Solr was introduced recently by the community. Through Apache Ranger, users can build policies for users/groups to query a particular collections in Solr. Efforts are underway in Solr community to provide more granular index level permissions. @@ -168,11 +168,11 @@ under the License. </part> <part id="Yarn"> <title>YARN</title> - <faq id="How does Ranger provide authorization in YARN"> - <question>How does Ranger provide authorization in YARN?</question> + <faq id="How does Apache Ranger provide authorization in YARN"> + <question>How does Apache Ranger provide authorization in YARN?</question> <answer> <p> - YARN is widely used in the Hadoop ecosystem as resource management layer for applications. Adminstrators can use YARN to setup queues with a certain capacity and applications can be given permissions to write to a certain queue. Using Ranger, administrators can manage the policies for who can write to a particular queue + YARN is widely used in the Hadoop ecosystem as resource management layer for applications. Adminstrators can use YARN to setup queues with a certain capacity and applications can be given permissions to write to a certain queue. Using Apache Ranger, administrators can manage the policies for who can write to a particular queue </p> </answer> </faq> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c6554ca/docs/src/site/site.xml ---------------------------------------------------------------------- diff --git a/docs/src/site/site.xml b/docs/src/site/site.xml index 352732b..195706f 100644 --- a/docs/src/site/site.xml +++ b/docs/src/site/site.xml @@ -47,7 +47,8 @@ under the License. <body> <menu name="Overview"> <item name="Introduction" href="index.html"/> - <item name="News" href="https://cwiki.apache.org/confluence/display/RANGER/News"; /> + <item name="News" href="https://cwiki.apache.org/confluence/display/RANGER/News"; /> + <item name="Download" href="download.html"/> <item name="FAQ" href="faq.html"/> </menu> <menu name="Resources"> @@ -59,12 +60,14 @@ under the License. <menu name="Project Information"> <item name="Project Summary" href="project-summary.html"/> <item name="Mailing Lists" href="mail-lists.html"/> - <item name ="Team" href="team-list.html"/> + <item name="Issue Tracking" href="https://issues.apache.org/jira/browse/RANGER"/> + <item name="Team" href="team-list.html"/> </menu> <menu name="Releases"> <item name="0.4.0" href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.4.0+Release+Notes"; /> <item name="0.5.0" href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.0+-+Release+Notes"; /> <item name="0.5.1" href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.1+-+Release+Notes"; /> + <item name="0.5.2" href="https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.5.2+-+Release+Notes"; /> </menu> </body> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/2c6554ca/docs/src/site/xdoc/download.xml ---------------------------------------------------------------------- diff --git a/docs/src/site/xdoc/download.xml b/docs/src/site/xdoc/download.xml new file mode 100644 index 0000000..b3003ba --- /dev/null +++ b/docs/src/site/xdoc/download.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<document> +<body> +<section name="Download Apache Ranger"> +<subsection name="How to Download"> +<p> +Use the links below to download a distribution of Apache Ranger from one of our mirrors. +It is good practice to verify the integrity of the distribution files. Apache Ranger releases are +available under the +<a href="http://www.apache.org/licenses/LICENSE-2.0";>Apache License, Version 2.0</a> - see the +LICENSE.txt and NOTICE.txt files contained in each release artifact. +</p> +</subsection> +<subsection name="Current official release (closest mirror site selected automatically)"> +<ul> +<li> +<p> +The current stable release is Apache Ranger 0.5.2: +</p> +<p> +<a href="http://www.apache.org/dyn/closer.lua/incubator/ranger/0.5.2-incubating/apache-ranger-incubating-0.5.2.tar.gz";>apache-ranger-incubating-0.5.2.tar.gz</a> +(<a href="http://www.apache.org/dist/incubator/ranger/0.5.2-incubating/apache-ranger-incubating-0.5.2.tar.gz.asc";>PGP</a>) +(<a href="http://www.apache.org/dist/incubator/ranger/0.5.2-incubating/apache-ranger-incubating-0.5.2.tar.gz.mds";>Digests</a>) +</p> +</li> +<li> +<p> +The older branch release is Apache Ranger 0.4.0: +</p> +<p> +<a href="http://www.apache.org/dyn/closer.lua/incubator/ranger/0.4.0-incubating/ranger-0.4.0-incubating.tar.gz";>ranger-0.4.0-incubating.tar.gz</a> +(<a href="http://www.apache.org/dist/incubator/ranger/0.4.0-incubating/ranger-0.4.0-incubating.tar.gz.asc";>PGP</a>) +(<a href="http://www.apache.org/dist/incubator/ranger/0.4.0-incubating/ranger-0.4.0-incubating.tar.gz.mds";>Digests</a>) +</p> +</li> +</ul> +</subsection> +<subsection name="Archive of old releases"> +<p> +Older releases are available in the <a href="http://archive.apache.org/dist/incubator/ranger/";>archive</a>. +</p> +</subsection> +</section> + +</body> +</document>
