hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lisakowen <...@git.apache.org>
Subject [GitHub] incubator-hawq-docs pull request #105: Reconcile Feature/ranger integration ...
Date Wed, 29 Mar 2017 23:12:34 GMT
Github user lisakowen commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq-docs/pull/105#discussion_r108806756
  
    --- Diff: markdown/ranger/ranger-integration-config.html.md.erb ---
    @@ -30,9 +30,14 @@ The Ranger Administrative UI is installed when you install HDP. You
configure th
     
     Installing or upgrading to HAWQ 2.2.0 installs the HAWQ Ranger Plug-in Service, but neither
configures nor registers the plug-in.  
     
    -In order to use Ranger for managing HAWQ authentication events, you must first install
and register several HAWQ JAR files on the Ranger Administration host. This is a one-time
configuration that establishes connectivity to your HAWQ cluster from the Ranger Administration
host. After you have registered the JAR files, you enable or disable Ranger integration in
HAWQ by setting the `hawq_acl_type` configuration parameter. After Ranger integration is enabled,
you must use the Ranger interface to create all security policies to manage access to HAWQ
resources. Ranger is pre-populated only with several policies to allow `gpadmin` superuser
access to default resources. See [Creating HAWQ Authorization Policies in Ranger](ranger-policy-creation.html)
for information about creating policies in Ranger.
    +To use Ranger for managing HAWQ authentication events, you must first install and register
several HAWQ JAR files on the Ranger Administration host. This one-time configuration establishes
connectivity to your HAWQ cluster from the Ranger Administration host. 
    +
    +The `hawq_acl_type` configuration parameter allows you to shift between managing access
policies through the HAWQ native interface or the Ranger policy manager. Ranger is initially
started started with the `hawq_acl_type` parameter set to `standalone.` After configuring
Ranger access policies, you set the `hawq_acl_type` configuration parameter to `ranger` to
enable Ranger policy management. 
    --- End diff --
    
    as this is an intro, something like "the hawq_acl_type server configuration parameter
controls the mode of authorization in place for hawq.  hawq uses native authorization by default.
you can enable ranger authorization with this parameter."  i don't think you need to get into
the values here.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message