Ranger is available only when it is selected in Optional Components when you purchase a cluster. If you add the Ranger component after purchasing the cluster, the Web UI may be inaccessible. By default, when Ranger is installed, Ranger Admin and Ranger UserSync are deployed on the master node, and Ranger Plugin is deployed on the main daemon node of the embedded component.
When creating a cluster of the Hadoop type, you can select Ranger in Optional Components. The Ranger version varies depending on the EMR version you choose.
Note:
When the cluster type is Hadoop and the Ranger optional component is selected, EMR-Ranger will create services for HDFS and YARN by default and set default policies.
Ranger Web UI
Before accessing the Ranger Web UI, make sure that the current cluster is configured with a public IP and click the Ranger Web UI URL on the Cluster Service page.
After you are redirected, enter the username and password that you set when you purchased the cluster.
Integrating HBase with Ranger
Note:
Make sure that HBase related services are running normally and Ranger has been installed in the current cluster.
1. Add an EMR Ranger HBase service on the EMR Ranger Web UI.
2. Configure EMR Ranger HBase service parameters.
Parameter
Required
Description
Service Name
Yes
Service name, which is displayed on the main HBase component on the Ranger Web UI
In the above figure, the Users is hadoop and Policy Name is all-table, column-family, column, meaning HBase users have Region Balance, MemeStore Flush, Compaction, and Split permissions. Make sure that the created service has these permissions.
Parameter
Required
Description
HBase Table
Yes
HBase table name
HBase Column-family
Yes
Column family of the HBase table
HBase Column
Yes
Qualifiers of the column family
4. After the policy is added, it will take effect in about 30 seconds, then you can use user1 to perform operations on the column family and qualifiers of the order table.
