Gangadhar By design, Ranger is an in-process plugin model. This helps us to scale along with your component and it is not the point of failure. E.g. If you have 100 node HBase cluster, then Ranger plugins within each HBase Region Server and do enforcement and collect the audit logs.
With proprietary closed software like Oracle or SQLServer, it comes difficult to implement the plugin, unless the component already supports an interface to override. Greenplum source is available, so might be able to write your plugin, provided it is properly abstracted. Currently, we are working with the HAWQ community to integrate with Ranger, but since HAWQ is in c/c++, the Ranger plugin would be hosted in a separate Java process and expose REST APIs. Similar design can be leveraged for non-java components. Another option is to use Ranger just to manage the privileges. We got similar requests to support S3 and one of the suggestions floated around was to support a design which manage the privileges for S3 buckets, but the enforcements will be still done by S3. If there are enough community interest and volunteers available, we could try out something. Bosco On 3/24/17, 12:47 PM, "Kadam, Gangadhar (GE Aviation, Non-GE)" <[email protected]> wrote: Hi, We are looking for centralized security framework which can provide security to both Enterprise Hadoop ecosystem (HDP2.5) as well as the existing RDBMS (PostgreSQL and Oracle) as well. We are currently using Hortonworks HDP2.5 distribution and already using Apache Ranger for Hive, Hbase etc and we would like to extend it to Greenplum(PostgreSQL), Oracle databases as well. Apache Ranger’s has extensible plugin model and it needs a policy store, for which it supports many RDBMS config. Can Apache Ranger be used to create a custom plugin for Oracle & PostgreSQL to provide security to Oracle & PostgreSQL tables as well. I can some pointers on the below link https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207 Is this feasible to do it, what are the pros and cons of it and how should we go about it. Thanks! Gangadhar
