Hi Eric,

REST APIs is the general way to programmatically create, delete, update 
policies in Ranger. There are no Java APIs for this.

You may want to take a look at this 
document<https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definition%2C+Service+and+Policy+Management>
 for a list of REST APIs for managing services and policies. It is possible to 
use either policy-id or service-name and policy-name to update existing policy. 
Also, you may want to look at applyPolicy() API which may be suitable for your 
use case.

Thanks,
-Abhay

From: Eric Alton <sultanapea...@hotmail.com<mailto:sultanapea...@hotmail.com>>
Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Date: Wednesday, August 9, 2017 at 1:49 PM
To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" 
<user@ranger.apache.org<mailto:user@ranger.apache.org>>
Subject: APIs to create, update, and delete policies


I'm looking for suggestions on how best to implement this scenario.


  1.  User1 creates a table in their database. This should trigger the 
automatic creation of a Ranger policy granting User1 full access to the table.
  2.  User1 transfers ownership of the table to User2. The Ranger policy is 
updated to grant full access to User2 and remove access from User1.
  3.  User2 drops the table. The Ranger policy is deleted.

Are the REST APIs the only way to programmatically create, delete, and update 
policies? We are using RangerBasePlugin.isAccessAllowed to test user access, 
but I don't see any Java APIs for policy creation and maintenance.

Assuming the REST APIs are the only solution, it looks like the create policy 
REST API returns the policy ID. Do I need to store this ID so that it can be 
used to update and delete the policy later? In other words, is there any way to 
update or delete a policy by passing in fields other than the ID (ie. policy 
name, or table schema + table name + user)?

Reply via email to