Introduction

Ranger has introduced a new functionality where users can import and export policies. It provides following features :

  1. Users can use it for cluster resiliency (backups).

  2. For moving policies from test clusters to production clusters.

  3. Also can export/import a specific subset of policies (such as those that pertain to specific resources or user/groups) or clone the entire repository (or multiple repositories) via Ranger Admin UI.

Users can import/export policies from the following screens: 

 

Pages from import-export is accessible from

Import

Export

Access Manager page

Yes(only JSON)

Yes(only JSON)

Access Manager Page at Component Level

Yes(only JSON)

Yes(only JSON)

Reports

No

Yes(JSON, EXCEL and CSV)

Export On Report Page:

NOTE: 

  • User can only import policies in json format.

  • When you export policies from the Access Manager page, the policies are automatically downloaded in JSON format. If you wish to export in Excel or CSV format, you need to export the policies from the Reports page.

Import Policy from Access Manager page for a specific service

  1. Click on IMPORT button to import policies for a specific service.



  2. Select a file to import the policies.

    import_policy_for_specifice_service_internal.png
            NOTE: Please make note that user can upload policies only in JSON file format.

  3. Select the file to import.
  4. You can only import policies in JSON format.
  5. The Override Policy option deletes all policies of the destination repositories.
  6. Service Mapping maps the downloaded file repository, i.e. source repository to destination repository.
  7. Click on Import.

Import Policy from Access Manager page for all services

  1. Click on IMPORT button from Access Manager Page.



  2. By default it will show all the components to upload the policies, as per the requirement user can also remove some of the services.



  3. Please select only JSON format files to upload policies. 

  4. Override Policy: This will delete all the policies from destination services and the policies from the source services provided will get created.

  5. Service Mapping: This will allow user to map the policies from source service to destination service.

  6. Click on Import Button.

Export Policies from Access Manager Page for specific service

  1. Click on the EXPORT button to download all the policies of specific service.



  2. Click the Export button.



  3. The file will get downloaded in JSON format.

Export Policies from Access Manager Page for all services

  1.  Click on the EXPORT button to download all the policies of all available services.


                                                                          NOTE: Please make note that user can download policies only in json file format.

  2. Click on export to download the multiple policies from different services.

Export Policies from Report Page

  1. Go to Report Page.

  2. Click on EXPORT button, user can download all policies in three different file formats.

  3. Also if user wants to download selected policies then search filter is available.

           

Audit-Admin-Logs for Import-Export Functionality

Import Policies

User can view import policy logs in audit-admin tab as follows:


Export Policies

User can view export policy logs in audit-admin tab as follows:

 


Search Filter in Audit-Admin for import-export actions

 User can also filter actions for import and export in audit-admin tab

 

Import-Export through Curl Commands

  • Import Policies through curl

    1. To Import policies from JSON file without servicesMap 
      curl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json' -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true

    2. To Import policies from JSON file with servicesMap
      curl -i -X POST -H "Content-Type: multipart/form-data" -F 'file=@/path/file.json'  -F ‘servicesMapJson=@/path/servicesMapping.json’ -u admin:admin http://<hostname>:<ranger-port>/service/plugins/policies/importPoliciesFromFile?isOverride=true

  • Export Policies through curl

    1. To export all policies
      curl -X GET --header "text/json" -H "Content-Type: text/json" -o file.json -u admin:admin "http://<hostname>:<ranger-port>/service/plugins/policies/exportJson"

    2. To export for specific HDFS resource
      curl -X GET --header "text/json" -H "Content-Type: text/json" -o file.json -u admin:admin "http://<hostname>:<ranger-port>/service/plugins/policies/exportJson?resource%3Apath=<path_name>"

    3. To export for policies for specific resource like : hive database & hive column
      curl -X GET --header "text/json" -H "Content-Type: text/json" -o file.json -u admin:admin "http://<hostname>:<ranger-port>/service/plugins/policies/exportJson??resource%3Adatabase=<database_name>&resource%3Acolumn=<column_name>"

Feature Access

  • The Ranger admin user can import and export only Resource & Tag based policies.

  • The Ranger KMS keyadmin user can import and export only KMS policies. 

Constraints

 To successfully import policies, use the following database versions:

  •  MariaDB: 10.1.16+
  •  MySQL: 5.6.x+
  •  Oracle: 11gR2+
  •  PostgreSQL: 8.4+
  •  MS SQL: 2008 R2+
  • No labels