Apache Ranger Overview¶
The Apache Ranger framework, provides a centralized platform which administers and regulates security policies across Hadoop components. Apache Ranger also provides a framework for collecting access audit history and reporting data.
Hadoop components¶
Hadoop components supported by Apache Ranger, include, but not limited to the following:
Policies overview¶
Apache Ranger supports 2 types of policies:
resource-based
tag-based
Warning
The RangerCLI currently does not support tag-based policies.
Resource-based policies¶
Resource-based policies allows users to configure access policies on Hadoop services.
Tag-based policies¶
Tag-based policies allows users to configure access policies across mutliple Hadoop components without creating separate services and policies in each component.
Row-filter and masking policies in Hive¶
Apache Ranger supports row-level filters and column masking to set access policies for rows in Hive tables.
Row-level filtering in Hive¶
Row-level filtering helps simplify authoring of the Hive query, and provides seamless behind-the-scenes enforcement of row-level segmentation without having to add this logic to the predicate of the query.
Data masking in Hive¶
Resource-based column masking¶
Column masking capabilities protect sensitive data in Hive in near real-time. You can set policies that mask or anonymize sensitive data columns from Hive query output.
Tag-based column masking¶
Tag-based masking policy anonymizes Hive column data based on tags and tag attribute values associated with Hive column.