Hi Eric, REST APIs is the general way to programmatically create, delete, update policies in Ranger. There are no Java APIs for this.
You may want to take a look at this document<https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+0.6+-+REST+APIs+for+Service+Definition%2C+Service+and+Policy+Management> for a list of REST APIs for managing services and policies. It is possible to use either policy-id or service-name and policy-name to update existing policy. Also, you may want to look at applyPolicy() API which may be suitable for your use case. Thanks, -Abhay From: Eric Alton <sultanapea...@hotmail.com<mailto:sultanapea...@hotmail.com>> Reply-To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Date: Wednesday, August 9, 2017 at 1:49 PM To: "user@ranger.apache.org<mailto:user@ranger.apache.org>" <user@ranger.apache.org<mailto:user@ranger.apache.org>> Subject: APIs to create, update, and delete policies I'm looking for suggestions on how best to implement this scenario. 1. User1 creates a table in their database. This should trigger the automatic creation of a Ranger policy granting User1 full access to the table. 2. User1 transfers ownership of the table to User2. The Ranger policy is updated to grant full access to User2 and remove access from User1. 3. User2 drops the table. The Ranger policy is deleted. Are the REST APIs the only way to programmatically create, delete, and update policies? We are using RangerBasePlugin.isAccessAllowed to test user access, but I don't see any Java APIs for policy creation and maintenance. Assuming the REST APIs are the only solution, it looks like the create policy REST API returns the policy ID. Do I need to store this ID so that it can be used to update and delete the policy later? In other words, is there any way to update or delete a policy by passing in fields other than the ID (ie. policy name, or table schema + table name + user)?
