Apache Ranger provides a centralized framework for permission management, implementing fine-grained access control for components in the Hadoop ecosystem, such as HDFS, Hive, YARN, Kafka, Storm, and Solr. It also provides a UI that allows administrators to perform operations more conveniently.
Create a cluster
Select the Ranger service when you create a cluster in E-MapReduce 2.9.2/3.9.0 or later on the E-MapReduce console.
If an E-MapReduce cluster 2.9.2/3.9.0 or later has been created without Ranger, you can go to the Clusters and Services page to add it.
- When Ranger is enabled, there is no impact or limitation on the application until the security control policy is set.
- The user policy set in Ranger is the cluster Hadoop account.
After installing Ranger on the cluster, click Manage in the Actions column, and then click Access Links and Ports in the navigation pane on the left. You can then access the Ranger UI by clicking on the link, as shown in the following figure.
Enter the Ranger UI. The default user name and password are both admin, as shown in the following figure.
Modify the password
After you first log on, the administrator needs to modify the password of the admin account, as shown in the following figure.
After you change the admin password, in the admin drop-down list in the upper-right corner, click Log Out. You can then log on again with the new password.
Integrate Ranger into other services
After completing the preceding steps, you can integrate Ranger into the services in the cluster to control the relevant permissions. For more information, see the following: