Github user dyozie commented on a diff in the pull request:
https://github.com/apache/incubator-hawq-docs/pull/105#discussion_r108954206
--- Diff: markdown/ranger/ranger-integration-config.html.md.erb ---
@@ -84,19 +105,28 @@ The following procedures describe each configuration
activity.
gpadmin@master$ hawq stop cluster --reload
```
-7. To validate connectivity between Ranger and HAWQ, access the Ranger
Admin UI in Ambari, click the edit icon associated with the `hawq` service
definition. Ensure that the Active Status is set to Enabled, and click the
**Test Connection** button. You should receive a message that Ranger connected
succesfully. If it fails to connect, edit your HAWQ connectivity properties
directly in the Ranger Admin UI and re-test the connection.
+7. When setup is complete, use the fully-qualified domain name to log
into the Ambari server. Use the Ranger link in the left nav to bring up the
Ranger Summary pane in the HAWQ Ambari interface. Use the Quick Links to access
Ranger. This link will take you to the Ranger Login interface.
+
+8. Log into the Ranger Access Manager. You will see a list of icons under
the Service Manager. Click the click the icon marked `hawq` under the HAWQ icon
to validate connectivity between Ranger and HAWQ. A list of HAWQ policies will
appear.
+
+9. Now return to the Service Manager and click the Edit icon on the
right, under the HAWQ service icon. Ensure that the Active Status is set to
Enabled, and click the **Test Connection** button. You should receive a message
that Ranger connected succesfully. If it fails to connect, you may need to
edit your Ranger connection in `pg_hba.conf,` perform
+ ``` bash
+ hawq restart cluster
+ ```
+ and re-test the connection.
## <a id="enable"></a>Step 2: Configure HAWQ to Use Ranger Policy
Management
-The default Ranger service definition for HAWQ assigns the HAWQ user
(typically `gpadmin`) all privileges to all objects.
+The default Ranger service definition for HAWQ assigns the HAWQ
administrator (typically `gpadmin`) all privileges to all objects.
-**Warning**: If you enable HAWQ-Ranger authorization with only the default
HAWQ service policies defined, other HAWQ users will have no privileges, even
for HAWQ objects (databases, tables) that they own.
-
-1. Select the **HAWQ** Service, and then select the **Configs** tab.
+Once the connection between HAWQ and Ranger is configured, you can either
set up policies for the HAWQ users according to the procedures in [Creating
HAWQ Authorization Policies in Ranger](ranger-policy-creation.html) or enable
Ranger with only the default policies.
--- End diff --
I'm not sure it should be a warning, per se. I think what should be called
out here is that if they had created any additional authorizations using
`GRANT` commands, they will no longer apply after enabling ranger, and HAWQ
goes back to its initial state of gpadmin-only access.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
