Apache Ranger Overview

The Apache Ranger framework, provides a centralized platform which administers and regulates security policies across Hadoop components. Apache Ranger also provides a framework for collecting access audit history and reporting data.

Hadoop components

Hadoop components supported by Apache Ranger, include, but not limited to the following:

• Apache Hadoop HDFS

• Apache Hive

• Apache HBase

• Apache Storm

• Apache Knox

• Apache Solr

• Apache Kafka

• Apache NiFi

• Apache Atlas

• Apache Sqoop

• Apache Spark

• Apache Kudu

• Apache Kylin

• Apache Hadoop Ozone

• Apache Hadoop Yarn

Policies overview

Apache Ranger supports 2 types of policies:

1. resource-based

2. tag-based

Warning

The RangerCLI currently does not support tag-based policies.

Resource-based policies

Resource-based policies allows users to configure access policies on Hadoop services.

Tag-based policies

Tag-based policies allows users to configure access policies across mutliple Hadoop components without creating separate services and policies in each component.

Row-filter and masking policies in Hive

Apache Ranger supports row-level filters and column masking to set access policies for rows in Hive tables.

Row-level filtering in Hive

Row-level filtering helps simplify authoring of the Hive query, and provides seamless behind-the-scenes enforcement of row-level segmentation without having to add this logic to the predicate of the query.

Data masking in Hive

Resource-based column masking

Column masking capabilities protect sensitive data in Hive in near real-time. You can set policies that mask or anonymize sensitive data columns from Hive query output.

Tag-based column masking

Tag-based masking policy anonymizes Hive column data based on tags and tag attribute values associated with Hive column.

Apache Ranger