hawq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dyozie <...@git.apache.org>
Subject [GitHub] incubator-hawq-docs pull request #105: Reconcile Feature/ranger integration ...
Date Thu, 30 Mar 2017 15:16:46 GMT
Github user dyozie commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq-docs/pull/105#discussion_r108954571
  
    --- Diff: markdown/ranger/ranger-overview.html.md.erb ---
    @@ -27,11 +27,11 @@ HAWQ supports using Apache Ranger for authorizing user access to HAWQ
resources.
     ## <a id="arch"></a>Policy Management Architecture
     Each HAWQ installation includes a Ranger plug-in service to support Ranger Policy management.
The Ranger plug-in service implements the Ranger REST API to bridge all requests between the
Ranger Policy Manager and a HAWQ instance. 
     
    -HAWQ also provides a JAR library that enables the Ranger Policy Manager to lookup HAWQ
metadata (the names of databases, schemas, tables, and so forth) to populate the user interface
and assist in creating new policies. This JAR uses a JDBC connection to HAWQ, and requires
a one-time registration with the Ranger Policy Manager. See [Configuring HAWQ to use Ranger
Policy Management](ranger-integration-config.html#enable). 
    +HAWQ also provides a JAR library that enables the Ranger Policy Manager to lookup HAWQ
metadata (the names of databases, schemas, tables, and so forth) to populate the user interface
and assist in creating new policies. This JAR uses a JDBC connection to HAWQ, and requires
a one-time registration with the Ranger Policy Manager. 
     
     A single configuration parameter, `hawq_acl_type` determines whether HAWQ defers all
policy management to Ranger via the plug-in service, or whether HAWQ handles authorization
natively using catalog tables. By default, HAWQ uses SQL commands to create all access policies,
and the policy information is stored in catalog tables.  When you enable Ranger integration
for policy management, any authorization policies that you have configured in HAWQ using SQL
no longer apply to your installation; you must create new policies using the Ranger interface.
See [Creating HAWQ Authorization Policies in Ranger](ranger-policy-creation.html)
     
    -The Ranger plug-in service caches Ranger policies locally on each HAWQ node to avoid
unnecessary round trips between the HAWQ node and the Ranger Policy Manager server. You can
use the configuration parameter `that` to control how frequently the plug-in service contacts
the Ranger Policy Manager to refresh cached policies. See [Changing the Frequency of Policy
Caching](ranger-integration-config.html#caching).
    +The Ranger plug-in service caches Ranger policies locally on each HAWQ node to avoid
unnecessary round trips between the HAWQ node and the Ranger Policy Manager server. You can
use the configuration parameter `that` to control how frequently the plug-in service contacts
the Ranger Policy Manager to refresh cached policies.
     
    --- End diff --
    
    Let's keep this link as well.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message