
...

    • Resources. Example: database, table, column, etc.

    • Access types. Example: select, update, create, drop, etc.

    • Configuration to connect to the service. Example: JDBC URL, JDBC driver, credentials, etc.

  • Load the JSON into Ranger.
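A sanity check that could be run on a service definition before it is loaded into Ranger, as an added example that is not part of the original page or of the Ranger project's code. The field names follow Ranger's bundled service definitions; the sample values, the `lint_service_def` helper and the rules it applies are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of a Ranger service definition. Field names
# (resources, accessTypes, configs, itemId, parent, type) are assumed from
# Ranger's bundled service definitions; all values are made up and flawed.
SAMPLE = json.loads("""
{
  "name": "exampledb",
  "implClass": "org.example.RangerServiceExampleDb",
  "resources": [
    {"itemId": 1, "name": "database", "parent": ""},
    {"itemId": 2, "name": "table",    "parent": "database"},
    {"itemId": 3, "name": "column",   "parent": "tabel"}
  ],
  "accessTypes": [
    {"itemId": 1, "name": "select"},
    {"itemId": 2, "name": "update"},
    {"itemId": 2, "name": "drop"}
  ],
  "configs": [
    {"itemId": 1, "name": "jdbc.url", "type": "string"},
    {"itemId": 2, "name": "username", "type": "string"},
    {"itemId": 3, "name": "password", "type": "string"}
  ]
}
""")

SECRET_HINTS = ("password", "secret", "token")  # assumed naming heuristic

def lint_service_def(sd):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for key in ("name", "implClass", "resources", "accessTypes", "configs"):
        if not sd.get(key):
            findings.append(f"missing or empty: {key}")
    for section in ("resources", "accessTypes", "configs"):
        seen = set()
        for item in sd.get(section, []):
            if item.get("itemId") in seen:
                findings.append(f"{section}: duplicate itemId {item.get('itemId')}")
            seen.add(item.get("itemId"))
    names = {r.get("name") for r in sd.get("resources", [])}
    for r in sd.get("resources", []):  # a child must point at a defined resource
        if r.get("parent") and r["parent"] not in names:
            findings.append(f"resources: {r.get('name')} has unknown parent {r['parent']}")
    for c in sd.get("configs", []):  # credential-like configs declared as plain strings
        if any(h in c.get("name", "").lower() for h in SECRET_HINTS) and c.get("type") != "password":
            findings.append(f"configs: {c.get('name')} should use type 'password'")
    return findings
```

Calling `lint_service_def(SAMPLE)` flags the duplicated access-type id, the misspelled parent resource and the credential declared as a plain string.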

 

Develop Ranger Authorization

...

Plugin

During initialization of the service:

  1. Create a static/global instance of the RangerBasePlugin class (or a class derived from it). Keep a reference to this instance for later use when authorizing resource access.

  2. Call init() on this instance. This initializes the policy engine with the policies from the local cache and starts a background thread that periodically updates policies from Ranger Admin.

  3. Register an audit handler, such as RangerDefaultAuditHandler, with the plugin instance. The plugin uses this audit handler to generate audit logs of resource accesses.

...

The resources of a service, along with other details such as the types of resource access (read/write/create/delete/submit/…), the configuration needed to connect to the service (url, username, password, …), custom conditions to evaluate in policies (IP range, …), etc., are defined using JSON, as shown in the following example.

Example: YARN Service Type definition

{
  "name": "yarn",
  "implClass": "org.apache.ranger.services.yarn.RangerServiceYarn",

...