Resources. Example: database, table, column, etc.
Access types. Example: select, update, create, drop, etc.
Configuration to connect to the service. Example: JDBC URL, JDBC driver, credentials, etc.
Load the JSON into Ranger.
Develop Ranger Authorization
During initialization of the service:
Create a static/global instance of RangerBasePlugIn class (or a class derived from this). Keep a reference to this instance for later – to authorize resource access.
Call init() on this instance. This will initialize the policy-engine with the policies from local cache and trigger a background thread to periodically update policies from the Ranger Admin.
Register an audit handler, like RangerDefaultAuditHandler, with the plugin instance. Plugin will use this audit handler to generate audit logs of resource accesses.
Resources of a service, along with other details like type of resource accesses (read/write/create/delete/submit/…), configuration needed to connect to the service (url, username, password, …) , custom conditions to evaluate in policies (IP range, …), etc., are defined using JSON – as shown in the following example.
Example: YARN Service Type definition