Thanks for your response, Abhay. One small query. For integrating custom service with ranger, it is required that the service should send request with ‘rangerRequest.setUserGroups()’ to set list of groups to which a user belongs. Only then group based policies will take effect. My question is: Apache Ranger already has all the user to group mapping information (via user sync if LDAP is enabled etc). Why is setUserGroups() required for each request?

Regards,
Rajat

From: Abhay Kulkarni <akulka...@hortonworks.com>
Reply-To: "user@ranger.apache.org" <user@ranger.apache.org>
Date: Wednesday, 23 May 2018 at 10:05 PM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: Re: Custom service integration and Tag based policies

Hi Rajat,

Here are the steps required to enable Tagsync to map custom Atlas Entities to Ranger Entities (aka Service Resources).

* Provide an implementation of AtlasResourceMapper Java class. You may look up other implementation classes such as AtlasHdfsResourceMapper or AtlasHiveResourceMapper which map hdfs and hive Atlas entities to Ranger Service Resources respectively. Specifically, you need to implement buildResource() member function where your component’s RangerAtlasEntity object needs to be converted to generic RangerServiceResource object.
* Set up the following Tagsync configuration parameter in ranger-tagsync-site.xml file. If using Ambari, you may do this by going to 'Ranger->Configs->Advanced->Custom ranger-tagsync-site->Add Property'.

    ranger.tagsync.atlas.custom.resource.mappers=<fully-qualified-name-of-the-implementation-class>

* Ensure that the implementation class is in the class-path of tagsync. One way to do this is to place the JAR containing the implementation class in /usr/hdp/current/ranger-tagsync/lib directory.
* Restart tagsync.
* Check /var/log/ranger/tagsync/tagsync.out and /var/log/ranger/tagsync/tagsync.log files to ensure that there are no errors in initializing AtlasTagSource.

Hope this helps.

Thanks,
-Abhay

From: Rajat Goel <rajat.g...@guavus.com>
Reply-To: "user@ranger.apache.org" <user@ranger.apache.org>
Date: Wednesday, May 23, 2018 at 7:02 AM
To: "user@ranger.apache.org" <user@ranger.apache.org>
Subject: Custom service integration and Tag based policies

Hi,

I am new to Ranger. I am trying to integrate my custom web service with Ranger for authorisation and policy management. I have successfully tested Resource based policy management integration of my web service with Ranger. Now I want to integrate and enable Tag based policy. I have added my custom types and entities in Atlas. How can I provide tag based policy and authorisation?

While reading some documentation and code, I found that I will have to add implementation of ‘AtlasResourceMapper.java’ in Ranger Tag sync process on the lines of AtlasKafkaResourceMapper.java. Is my understanding correct? Can someone point me to any documentation on how to write a custom class which extends AtlasResourceMapper? Also, are there more steps/code that needs to be written or just the AtlasResourceMapper implementation will suffice?

Thanks & Regards,
Rajat
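
An added example, not part of the thread and not Ranger project code: a sketch of the buildResource() mapper described in the steps above, modelled on the bundled mappers such as AtlasKafkaResourceMapper. The package, class name, entity type "mywebservice_endpoint", component "mywebservice", resource type "endpoint" and the "<endpoint>@<cluster>" qualifiedName layout are all assumptions; check the base-class API against the Ranger version you deploy.

```java
package com.example.tagsync; // hypothetical package

import java.util.HashMap;
import java.util.Map;

import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerServiceResource;
import org.apache.ranger.tagsync.source.atlas.AtlasResourceMapper;
import org.apache.ranger.tagsync.source.atlasrest.RangerAtlasEntity;

public class AtlasMyWebServiceResourceMapper extends AtlasResourceMapper {
    // Hypothetical names; they must match your Atlas typedef and Ranger service-def.
    static final String ENTITY_TYPE = "mywebservice_endpoint";
    static final String COMPONENT = "mywebservice";
    static final String RANGER_RESOURCE_TYPE = "endpoint";
    static final String ATTR_QUALIFIED_NAME = "qualifiedName";

    public AtlasMyWebServiceResourceMapper() {
        super(COMPONENT, new String[] { ENTITY_TYPE });
    }

    @Override
    public RangerServiceResource buildResource(RangerAtlasEntity entity) throws Exception {
        Map<String, ?> attrs = entity.getAttributes();
        Object attr = (attrs == null) ? null : attrs.get(ATTR_QUALIFIED_NAME);
        String qualifiedName = (attr instanceof String) ? ((String) attr).trim() : "";

        // Assumed layout "<endpoint>@<cluster>". Fail closed on anything else so a
        // tag is never attached to a guessed or empty resource name.
        int at = qualifiedName.lastIndexOf('@');
        if (at <= 0 || at == qualifiedName.length() - 1) {
            throw new Exception("entity " + entity.getGuid()
                    + ": missing or malformed '" + ATTR_QUALIFIED_NAME + "'");
        }
        String endpoint = qualifiedName.substring(0, at);
        String cluster = qualifiedName.substring(at + 1);

        // Base-class helper: resolves the Ranger service name for this cluster.
        String serviceName = getRangerServiceName(cluster);
        if (serviceName == null || serviceName.isEmpty()) {
            throw new Exception("no Ranger service configured for cluster " + cluster);
        }

        // isExcludes=false, isRecursive=false: the tag applies to this exact
        // endpoint only, not to everything beneath it.
        Map<String, RangerPolicyResource> elements = new HashMap<>();
        elements.put(RANGER_RESOURCE_TYPE,
                new RangerPolicyResource(endpoint, Boolean.FALSE, Boolean.FALSE));
        return new RangerServiceResource(entity.getGuid(), serviceName, elements);
    }
}
```

With this hypothetical class, the ranger.tagsync.atlas.custom.resource.mappers property from the steps above would be set to com.example.tagsync.AtlasMyWebServiceResourceMapper.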