...
Simple steps to create Auditor role user:
Using admin role user credentials login in ranger
Go to Settings => user/groups tab
Click on add user button
Fill in the details and select Auditor from the drop down of select role and save to create a user with Auditor role.
Simple steps assign KMS Auditor role to a user:
- Create a user using ranger admin credentials or choose one of the synced users.
Login to Ranger Admin using credentials of a user having role keyadmin.
In users groups tab select the user whose role you want to change to KMS Auditor.
From the dropdown of Select role, Select KMSAduitor role and save it to update role of user.
Apache JIRA
Other things to be Noted :
The objective behind Auditor role user is to allow Auditors to view all information that a Admin role user can see. User with role Auditor will get a read-only view of a Admin role user.
That is auditor role user will be blocked from create/update/delete/import/exportJson of all api in ranger UI and curl command.
The objective behind KMS Auditor role user is to allow KMS Auditors to view all information that a Keyadmin can see on Ranger UI. User with KMS Auditor role will get a read-only view of a Keydmin role user.
That is Kms Auditor role user will be blocked from create/update/delete/import/exportJson of all api in ranger UI and curl command.
Auditor/KmsAuditor role user even if made as delegate admin in any policies of any services will be restricted from create/update/delete/import/exportJson ie it will only have view access based on its role.
KMS Auditor will not be able to get keys even if that user is added in policy.
Auditor and KMS Auditor role users can change their password.
We don’t have any default user with Auditor or KMS Auditor role.
...