Github user lisakowen commented on a diff in the pull request:
https://github.com/apache/incubator-hawq-docs/pull/105#discussion_r108806756
--- Diff: markdown/ranger/ranger-integration-config.html.md.erb ---
@@ -30,9 +30,14 @@ The Ranger Administrative UI is installed when you
install HDP. You configure th
Installing or upgrading to HAWQ 2.2.0 installs the HAWQ Ranger Plug-in
Service, but neither configures nor registers the plug-in.
-In order to use Ranger for managing HAWQ authentication events, you must
first install and register several HAWQ JAR files on the Ranger Administration
host. This is a one-time configuration that establishes connectivity to your
HAWQ cluster from the Ranger Administration host. After you have registered the
JAR files, you enable or disable Ranger integration in HAWQ by setting the
`hawq_acl_type` configuration parameter. After Ranger integration is enabled,
you must use the Ranger interface to create all security policies to manage
access to HAWQ resources. Ranger is pre-populated only with several policies to
allow `gpadmin` superuser access to default resources. See [Creating HAWQ
Authorization Policies in Ranger](ranger-policy-creation.html) for information
about creating policies in Ranger.
+To use Ranger for managing HAWQ authentication events, you must first
install and register several HAWQ JAR files on the Ranger Administration host.
This one-time configuration establishes connectivity to your HAWQ cluster from
the Ranger Administration host.
+
+The `hawq_acl_type` configuration parameter allows you to shift between
managing access policies through the HAWQ native interface or the Ranger policy
manager. Ranger is initially started started with the `hawq_acl_type` parameter
set to `standalone.` After configuring Ranger access policies, you set the
`hawq_acl_type` configuration parameter to `ranger` to enable Ranger policy
management.
--- End diff --
as this is an intro, something like "the hawq_acl_type server configuration
parameter controls the mode of authorization in place for hawq. hawq uses
native authorization by default. you can enable ranger authorization with this
parameter." i don't think you need to get into the values here.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
