Skip to main content

PrivaceraCloud Documentation

Apache Ranger API

:

Each PrivaceraCloud account uses an internal Apache Ranger process to assist with the access control functions. This Apache Ranger process can be accessed directly via its REST API.

The Apache Ranger API is standardized and open source. For the full Ranger API specification, see Apache Ranger API and Apache Ranger Interactive Swagger Ranger API definition.

PrivaceraCloud allows the full use of the Ranger API but disallows modification, removal, or overwrite of itself as the Apache Ranger plug in. The following methods are disallowed and will return an HTTP Status 403 (Access Forbidden):

  • POST <RangerAdminURL>/service/plugins/definitions

  • PUT <RangerAdminURL>/service/plugins/definitions

  • DELETE <RangerAdminURL>/service/plugins/definitions

PrivaceraCloud Apache Ranger API Access

Establish access credentials for Basic Auth authentication.

Create an Admin Data Access User API Service Account

image92.png

The best practice is to create at least one Ranger API data access service account:

  1. Open Access Manager > Users/Groups/Roles, and create a user.

  2. Set the Role to Admin. Record the password.

image93.png

Generate a Ranger Admin API URL

  1. Open Settings > ApiKey, and click + Generate Api Key . image94.png

  2. In this first Generate Api Key dialog, set the purpose to "REST API Access" or similar and check the Never Expires box.

  3. Click Generate Api Key to proceed to the next dialog.

  4. In the second Generate Api Key dialog, under Ranger Admin URL, click Copy Url, then close the dialog

The Api Key page will display the added Api Key, similar to the following:

image95.png

Test and Confirm Access

The Ranger Admin URL will look similar to:

https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01

A full URL Ranger API service URI is "<RangerAdminURL>/service/<Ranger API Resource Path>".

Example

Using curl and the Ranger API "/plugins/services" method to confirm access, the full curl command is:

curl -u RangerAPI-Auth:ranger1234# https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01/service/plugins/services

A typical response would be:

{
    "startIndex": 0,
    "pageSize": 200,
    "totalCount": 1,
    "resultSize": 1,
    "sortType": "asc",
    "sortBy": "serviceId",
    "queryTimeMS": 1604017945463,
    "services": [
        {
            "id": 1,
            "guid": "8927fc53-4036-44a8-bc12-482d302164fc",
            "isEnabled": true,
            "createdBy": "Admin",
            "updatedBy": "Admin",
            "createTime": 1603341313000,
            "updateTime": 1603341313000,
            "version": 1,
            "type": "hive",
            "name": "privacera_hive",
            "displayName": "privacera_hive",
            "description": "Hive repo",
            "configs": {
                "password": "**",
                "jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver",
                "jdbc.url": "jdbc:hive2://localhost:10000",
                "username": "hive"
            },
            "policyVersion": 8,
            "policyUpdateTime": 1603341313000,
            "tagVersion": 1,
            "tagUpdateTime": 1603341313000
        }
    ]
}