BT

New Early adopter or innovator? InfoQ has been working on some new features for you. Learn more

Apache Ranger Graduates to Top-Level Project

| by Alexandre Rodrigues Follow 0 Followers on Mar 14, 2017. Estimated reading time: 1 minute |

Apache Ranger, a security management framework for Apache Hadoop ecosystem, graduated to top level. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, Apache Solr, among others.

Ranger provides a standard authorization method across the supported Hadoop components via access control policies. Being standard, it also provides a centralized component for auditing user access and for security related administrative actions across components.

Policies are defined and enforced with an attribute-based approach. In conjunction with Apache Atlas, a governance solution and metadata repository for Apache Hadoop, it is possible to define tag based security, by classifying files and data assets with tags, and controlling users and user groups accesses to a set of tags.

Ranger’s capabilities also include Dynamic Policies, when access depends on some dynamic factor such as time. It is possible to limit access to a resource based on time of the day, IP address or even geographical location.

Apache Ranger’s architecture is composed of a Ranger Policy Admin Server, that stores policies in a relational database (common deployments use MySQL). Each supported component (e.g. Hive, HDFS, etc.) runs the Ranger plugin that performs authorization checks for all the accessed resources (e.g. file, database, table, column). Authorizations are always based on the defined policies that are fetched from centralized Admin Server, by default every 30 seconds. Plugins work in case Admin Server is down, although the best practice is to configure it with high-availability.

Integration with external systems for authorization is another useful feature for the enterprise. The supported authentication mechanisms include LDAP/AD and Unix authentication. Ranger can write audit records into Apache Solr.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT