Skip to content

Apache Ranger API

Each PrivaceraCloud account uses an internal Apache Ranger process to assist with the access control functions. This Apache Ranger process can be accessed directly via its REST API.

The Apache Ranger API is standardized and open source. See Apache Ranger API and Apache Ranger Interactive Swagger Ranger API definition for the complete Ranger API specification.

PrivaceraCloud allows the full use of the Ranger API but disallows changes, overwrite, or deletion of itself as the Apache Ranger plug in. See Disallowed Methods, below.  

PrivaceraCloud Apache Ranger API Access#

Establish access credentials for Basic Auth authentication.#

Create an Admin Data Access User API Service Account

The best practice is to create at least one Ranger API data access service accounts.

  1. Open Access Manager: Users/Groups/Roles - and create a user.
  2. Set the Role to Admin.  Record the password.  

Generate a Ranger Admin API URL#

Open Settings:ApiKey,  click + Generate Api Key .

In this first Generate Api Key dialog, set the purpose to "REST API Access" or similar and check the Never Expires box.
Click Generate Api Key  . to proceed to the next dialog. 

In the second Generate Api Key dialog, under Ranger Admin URL,
click on Copy Url, then close the dialog.  

The Api Key page will display the added Api Key, similar to the following:

Test and Confirm Access#

The Ranger Admin URL will look similar to:
https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01

A full URL Ranger API service URI is "<RangerAdminURL>/service/<Ranger API Resource Path>".

Example#

Using curl and the Ranger API "/plugins/services" method to confirm access, the full curl command and the response will be:

curl -u RangerAPI-Auth:ranger1234# https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01/service/plugins/services

A typical response (formatted for readability) would be:

{
    "startIndex": 0,
    "pageSize": 200,
    "totalCount": 1,
    "resultSize": 1,
    "sortType": "asc",
    "sortBy": "serviceId",
    "queryTimeMS": 1604017945463,
    "services": [
        {
            "id": 1,
            "guid": "8927fc53-4036-44a8-bc12-482d302164fc",
            "isEnabled": true,
            "createdBy": "Admin",
            "updatedBy": "Admin",
            "createTime": 1603341313000,
            "updateTime": 1603341313000,
            "version": 1,
            "type": "hive",
            "name": "privacera_hive",
            "displayName": "privacera_hive",
            "description": "Hive repo",
            "configs": {
                "password": "**",
                "jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver",
                "jdbc.url": "jdbc:hive2://localhost:10000",
                "username": "hive"
            },
            "policyVersion": 8,
            "policyUpdateTime": 1603341313000,
            "tagVersion": 1,
            "tagUpdateTime": 1603341313000
        }
    ]
}

Disallowed Methods

The following methods will return an HTTP Status 403 ("Access Forbidden").  This prevents removal, modification, or overwrite of PrivaceraClouds plugin component.

POST    <RangerAdminURL>/service/plugins/definitions
PUT      <RangerAdminURL>/service/plugins/definitions
DELETE <RangerAdminURL>/service/plugins/definitions


Last update: August 16, 2021