yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-08-09 17:48:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.9.x-SNAPSHOT/connectors/security/ranger/index.md
Keshav Mohta f8b588e6f0
Feature: Security Service (#22450) 
* feat: security service initial code

* support secrity type for service from ui

* refactor: added missing java files for security service and require json files

* refactor: added doc file, oneOf java changes for ranger

* Merge branch 'main' of https://github.com/open-metadata/OpenMetadata into issue-20145

* update the security services schema to have domains instead of domain

* fix: added security service metadata pipeline

* Make changes for security service UI

* Update missing translation

* update type

* Fix the java checkstyle

* fix: added ingestionRunner in security service json

* Hide security service for OSS

* fix: reverse metadata documentation

* refactor: added securityConnection in test connection

* fix: documentation and ts file changes

* fix: deleted __init__ file and added SSISConnection again in the workflowclassconverter.java

* fix: convert domain to domains

* fix: added new file for basicAuth for ranger and change in rangerConnectionClassConverter.java file

* fix: java checkstyle

* fix: mysql security service sql

* fix: security service index mapping

* fix: moved migrations in new version and fix classConverterFactory

---------

Co-authored-by: Chirag Madlani <12962843+chirag-madlani@users.noreply.github.com>
Co-authored-by: Aniket Katkar <aniketkatkar97@gmail.com>
2025-07-31 06:38:21 +02:00

4.3 KiB
Raw Blame History

title slug collate
Apache Ranger /connectors/security/ranger true

{% connectorDetailsHeader name="Apache Ranger" stage="Beta" platform="OpenMetadata" availableFeatures=["Reverse Metadata (Collate Only)"] unavailableFeatures=["Metadata", "Usage", "Data Profiler", "Data Quality", "Lineage"] / %}

In this section, we provide guides and references to use the Apache Ranger connector for reverse metadata ingestion.

Configure and schedule Apache Ranger reverse metadata workflows from the OpenMetadata UI:

Requirements

Apache Ranger Setup

Apache Ranger 2.0 or greater is required. The user should have access to the Apache Ranger Admin API with appropriate privileges to manage policies and tags.

Permissions

The user connecting to Apache Ranger should have the following permissions:

  • Access to Apache Ranger Admin API endpoints
  • Write access to policies and tag definitions
  • Write access to tag management
  • Read access to service definitions for verification
# Create a service user in Apache Ranger with the following permissions:
# - Write access to tag management
# - Write access to policy management
# - Read access to service definitions

Connection Details

We support Apache Ranger with Basic Authentication using username and password.

Reverse Metadata Ingestion

The Apache Ranger connector is designed specifically for reverse metadata ingestion. This means that OpenMetadata will sync metadata information (primarily tags) from your data sources back to Apache Ranger.

How Reverse Metadata Works

  1. Configure Ranger as Sink Service: Set up Apache Ranger as a sink service in your reverse metadata configuration
  2. Source Service Integration: When you ingest metadata from source services like Snowflake, Trino, or other databases, OpenMetadata can sync this metadata back to Ranger
  3. Tag Synchronization: Currently, we sync tag information from OpenMetadata to Apache Ranger, allowing you to manage security policies based on discovered metadata
  4. Policy Management: While we sync tags to Ranger, the communication between Ranger and your specific data sources needs to be configured separately

Important Considerations

  • Service Name Matching: The service name configured in Apache Ranger must match exactly with the service name in OpenMetadata for reverse metadata synchronization to work properly
  • Tag Synchronization: Currently, we only sync tag information to Ranger.
  • Source-Ranger Communication: You are responsible for configuring the communication between Apache Ranger and your actual data sources. OpenMetadata only handles the metadata synchronization to Ranger
  • Bidirectional Sync: This is currently a one-way sync from OpenMetadata to Ranger

Metadata Ingestion

{% partial file="/v1.9/connectors/metadata-ingestion-ui.md" variables={ connector: "Apache Ranger", selectServicePath: "/images/v1.9/connectors/domodasrangerhboard/select-service.png", addNewServicePath: "/images/v1.9/connectors/ranger/add-new-service.png", serviceConnectionPath: "/images/v1.9/connectors/ranger/service-connection.png", } /%}

Troubleshooting

Connection Issues

  • Verify that the Apache Ranger Admin service is running and accessible
  • Check network connectivity between OpenMetadata and Apache Ranger
  • Ensure the provided credentials have the necessary write permissions for tags and policies

Authentication Issues

  • Verify username and password for basic authentication
  • Ensure the user account is active and has proper permissions in Apache Ranger

Reverse Metadata Issues

  • Verify that the service name in Apache Ranger matches exactly with the service name in OpenMetadata
  • Check if the user has write permissions for tag and policy management in Ranger
  • Ensure that the source service (Trino, etc.) is properly configured in OpenMetadata before setting up reverse metadata

API Access Issues

  • Verify that the user has write access to Apache Ranger APIs for tags and policies
  • Check if the Apache Ranger API endpoints are enabled and accessible
  • Ensure proper permissions are granted for policy and tag management operations