vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/umn/admin_guide_000415.html
Yang, Tong 2195db241c MRS UMN 20231220 version update 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00

20 lines
5.4 KiB
HTML
Raw Blame History

<a name="admin_guide_000415"></a><a name="admin_guide_000415"></a>
<h1 class="topictitle1">Switching Ranger Authentication</h1>
<div id="body1593331493817"><div class="section" id="admin_guide_000415__section129911458858"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000415__p14390455171710">By default, the Ranger service is installed and Ranger authentication is enabled for a newly installed cluster in security mode. You can set fine-grained security access policies for accessing component resources through the permission plug-in of the component. If Ranger authentication is not required, the cluster administrator can manually disable Ranger authentication on the service page. After Ranger authentication is disabled, the system continues to perform permission control based on the role model of <span id="admin_guide_000415__text154091129192818">MRS</span> Manager when accessing component resources.</p>
<p id="admin_guide_000415__p1328751611431">In a cluster upgraded from an earlier version, Ranger authentication is not used by default when users access component resources. The cluster administrator can manually enable Ranger authentication after installing the Ranger service.</p>
<div class="note" id="admin_guide_000415__note161556791410"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="admin_guide_000415__ul1190763463814"><li id="admin_guide_000415__li119071634183812">In a cluster in security mode, the following components support Ranger authentication: HDFS, YARN, Kafka, Hive, HBase, Storm,, Impala, and Spark2x.</li><li id="admin_guide_000415__li05271254143916">In a cluster in non-security mode, Ranger supports permission control on component resources based on OS users. The following components support Ranger authentication: HBase, HDFS, Hive, Spark2x, and YARN.</li><li id="admin_guide_000415__li959713010817">After Ranger authentication is enabled, all authentication of the component will be managed by Ranger. The permissions set by the original authentication plug-in will become invalid (The ACL rules of HDFS and YARN components still take effect). Exercise caution when performing this operation. You are advised to deploy permissions on Ranger in advance.</li><li id="admin_guide_000415__li53715381485">After Ranger authentication is disabled, all authentication of the component will be managed by the permission plug-in of the component. The permission set on Ranger will become invalid. Exercise caution when performing this operation. You are advised to deploy permissions on Manager in advance.</li></ul>
</div></div>
</div>
<div class="section" id="admin_guide_000415__section3763331141310"><h4 class="sectiontitle">Enabling Ranger Authentication</h4><ol id="admin_guide_000415__ol13297879162010"><li id="admin_guide_000415__li164975055814"><span>Log in to <span id="admin_guide_000415__text13914312153315">MRS</span> Manager.</span></li><li id="admin_guide_000415__li7497505580"><span>Choose <strong id="admin_guide_000415__b1080972466114850">Cluster</strong> &gt; <strong id="admin_guide_000415__b1744541332114850">Services</strong>.</span></li><li id="admin_guide_000415__en-us_topic_0046736984_li56314915"><span>Click the specified service name on the service management page.</span></li><li id="admin_guide_000415__en-us_topic_0046737017_li66067432"><span>On the service details page, expand the <strong id="admin_guide_000415__b20588841104918">More</strong> drop-down list and select <strong id="admin_guide_000415__b137841953164911">Enable Ranger</strong>.</span></li><li id="admin_guide_000415__li58171183162647"><span>In the displayed dialog box, enter the password of the current login user and click <strong id="admin_guide_000415__b494871119114850">OK</strong>.</span></li><li id="admin_guide_000415__li271517458317"><span>In the service list, restart the service whose configuration has expired.</span></li></ol>
</div>
<div class="section" id="admin_guide_000415__section15295192185211"><h4 class="sectiontitle">Disabling Ranger Authentication</h4><ol id="admin_guide_000415__ol1776263125213"><li id="admin_guide_000415__li127631832528"><span>Log in to <span id="admin_guide_000415__text10935111620338">MRS</span> Manager.</span></li><li id="admin_guide_000415__li187631739528"><span>Choose <strong id="admin_guide_000415__b7286606514">Cluster</strong> &gt; <strong id="admin_guide_000415__b928714010516">Services</strong>.</span></li><li id="admin_guide_000415__li177631310526"><span>Click the specified service name on the service management page.</span></li><li id="admin_guide_000415__li376313125218"><span>On the service details page, expand the <strong id="admin_guide_000415__b13555177145117">More</strong> drop-down list and select <strong id="admin_guide_000415__b155563718511">Disable Ranger</strong>.</span></li><li id="admin_guide_000415__li27631138528"><span>Enter the password of the current login user and click <span class="uicontrol" id="admin_guide_000415__uicontrol1763537524"><b>OK</b></span>. In the displayed dialog box, click <strong id="admin_guide_000415__b5943522515">OK</strong>.</span></li><li id="admin_guide_000415__li137631635523"><span>In the service list, restart the service whose configuration has expired.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000029.html">Other Service Management Operations</a></div>
</div>
</div>
View Git Blame Copy Permalink