As part of tasks taken in 1.0 release, 2 new roles named as Auditor and KMS Auditor has been introduced in ranger admin. They will have a read only access to all the services, policies, user/groups,audits and reports.
There are two ways to create Auditor or Kms Auditor role user, one is using ranger UI and curl command.
Using admin role user credentials login in ranger
Go to Settings => user/groups tab
Click on add user button
Fill in the details and select Auditor from the drop down of select role and save to create a user with Auditor role.
Login to Ranger Admin using credentials of a user having role keyadmin.
In users groups tab select the user whose role you want to change to KMS Auditor.
From the dropdown of Select role, Select KMSAduitor role and save it to update role of user.
The objective behind Auditor role user is to allow Auditors to view all information that a Admin role user can see. User with role Auditor will get a read-only view of a Admin role user.
That is auditor role user will be blocked from create/update/delete/import/exportJson of all api in ranger UI and curl command.
The objective behind KMS Auditor role user is to allow KMS Auditors to view all information that a Keyadmin can see on Ranger UI. User with KMS Auditor role will get a read-only view of a Keydmin role user.
That is Kms Auditor role user will be blocked from create/update/delete/import/exportJson of all api in ranger UI and curl command.
Auditor/KmsAuditor role user even if made as delegate admin in any policies of any services will be restricted from create/update/delete/import/exportJson ie it will only have view access based on its role.
KMS Auditor will not be able to get keys even if that user is added in policy.
Auditor and KMS Auditor role users can change their password.
We don’t have any default user with Auditor or KMS Auditor role.