[jira] [Commented] (RANGER-5606) Replace default policies in services by using ranger.plugin.super.users configuration

Fri, 12 Jun 2026 21:54:13 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-5606?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18088674#comment-18088674
 ] 

Bhavesh Amre commented on RANGER-5606:
--------------------------------------

For the time being, [~rakeshgupta264]  will be working on this Jira and 
handling any related updates or follow-ups.

> Replace default policies in services by using ranger.plugin.super.users 
> configuration
> -------------------------------------------------------------------------------------
>
>                 Key: RANGER-5606
>                 URL: https://issues.apache.org/jira/browse/RANGER-5606
>             Project: Ranger
>          Issue Type: Improvement
>          Components: admin
>            Reporter: Madhan Neethiraj
>            Assignee: Bhavesh Amre
>            Priority: Major
>
> When a service is created in Ranger, a set of default policies are created - 
> one for each resource hierarchy, granting all access to the user specified in 
> service config {{{}username{}}}. These policies can be avoided by simply 
> setting service config {{ranger.plugin.super.users}} to designate the user as 
> superuser. This can eliminate a large number of default policies which end up 
> crowding UI.
> When default policies are required while creating a service, it can be 
> handled with one of the following available options:
>  # Ensure service-def options section sets 
> {{create.default.policy.per.hierarchy}} to {{true}} 
>  # Register a custom implementation RangerBaseService class in service-def, 
> to provide override of method {{getDefaultRangerPolicies()}}
>  # Using service-configurations having prefix {{{}default-policy.{}}}. For 
> example, please refer to 
> [create_ranger_services.py|https://github.com/apache/ranger/blob/master/dev-support/ranger-docker/scripts/admin/create-ranger-services.py#L47]
>  script used in docker setup.
> The ask is to change the default value of configuration 
> {{{}create.default.policy.per.hierarchy{}}}, from {{true}} to {{{}false{}}}, 
> in 
> [RangerBaseService.createDefaultPolicyPerHierarchy()|https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBaseService.java#L246].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to