
Propagate Discovery Tags to Ranger#

Privacera Discovery allows you to classify information in files as tags when you scan files in an application. The tags can be used in access policies to configure access control for the application.

Apache Ranger needs the tag information when it applies a policy. This topic describes how you can propagate the tag details from Discovery to Apache Ranger.

This feature is supported for the following applications:

  • S3
  • Snowflake
  • Redshift
  • MSSQL
  • MySQL
  • Databricks SQL

Set up an application#

You need to set up an application where all the files to be scanned are stored. You can set up Access Management and Discovery for the applications below.

S3#

  1. Add S3 and enable Access Management and Discovery. See S3.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_s3
  3. Navigate to Access Manager > Resource Policies. The privacera_s3 repository should be available.

Snowflake#

  1. Add Snowflake and enable Access Management and Discovery. See Snowflake.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_snowflake
  3. Navigate to Access Manager > Resource Policies. The privacera_snowflake repository should be available.

Redshift#

  1. Add Redshift and enable Access Management and Discovery. See Redshift.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_redshift
  3. Navigate to Access Manager > Resource Policies. The privacera_redshift repository should be available.

MSSQL#

  1. Add MSSQL and enable Access Management and Discovery. See MSSQL.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_mssql
  3. Navigate to Access Manager > Resource Policies. The privacera_mssql repository should be available.

MySQL#

  1. Add MySQL and enable Access Management and Discovery. See MySQL.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_hive
  3. Navigate to Access Manager > Resource Policies. The privacera_hive repository should be available.

Databricks SQL#

  1. Add Databricks SQL and enable Access Management and Discovery. See Databricks SQL.

  2. Add custom properties in the Advanced tab of the application:

    • ranger.writer.enable=true
    • cluster_name=privacera
    • service_name=privacera_hive
  3. Navigate to Access Manager > Resource Policies. The privacera_hive repository should be available.

Scan an application#

To create the tags, perform an offline or online scan. For more information, see Discovery Scan.

Once the scan completes, the tags associated with the resource in Discovery are pushed to Ranger.

Validation#

You can use the following Ranger API to retrieve the pushed tagged information:

curl -i -L -k -u <username>:<password> -H "Content-type: application/json" -X GET <hostname-of-ranger>/service/tags/types

Where:

Create user#

  1. Navigate to Settings > User Management and then click Add.
  2. Enter the required details. Select Admin as the role from the dropdown.
  3. Click Save.

Get Ranger Admin URL#

  1. Navigate to Settings > API Key and then click the API Key info icon. The Api Key Info dialog appears.
  2. Under Ranger Admin URL, click Copy URL. This is the endpoint for connecting to Ranger.
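
The validation call above as an added Python example (not Privacera's or Ranger's own code): it keeps TLS certificate verification on instead of using curl's -k, reads credentials from environment variables rather than the command line, and reports which expected tags Ranger did not return. The environment variable names, the tag names, and the response shape (a JSON array of tag names) are assumptions.

```python
import base64
import json
import os
import ssl
import urllib.request

# Constructed sample body; assumes the endpoint returns a JSON array of tag names.
SAMPLE_RESPONSE = '["EMAIL", "SSN", "PERSON_NAME"]'


def fetch_tag_types(base_url, username, password, ca_file=None):
    """GET <base_url>/service/tags/types with certificate verification on."""
    ctx = ssl.create_default_context(cafile=ca_file)  # no equivalent of curl -k
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/service/tags/types",
        headers={"Authorization": "Basic " + token,
                 "Content-type": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read().decode("utf-8")


def missing_tags(response_body, expected):
    """Return the expected tag names that Ranger did not report, sorted."""
    data = json.loads(response_body)
    if not isinstance(data, list):
        # A JSON error object instead of a list means the call itself failed.
        raise ValueError("expected a JSON array of tag types")
    present = set()
    for item in data:
        if isinstance(item, str):
            present.add(item)
        elif isinstance(item, dict) and "name" in item:
            present.add(item["name"])  # tolerate object-shaped entries
    return sorted(set(expected) - present)


if __name__ == "__main__":
    expected = ["EMAIL", "SSN", "CREDIT_CARD"]  # constructed tag names
    url = os.environ.get("RANGER_ADMIN_URL")  # hypothetical variable names
    if url:
        body = fetch_tag_types(url, os.environ["RANGER_USER"],
                               os.environ["RANGER_PASSWORD"],
                               os.environ.get("RANGER_CA_FILE"))
    else:
        body = SAMPLE_RESPONSE  # offline run against the constructed sample
    print("missing tags:", missing_tags(body, expected))
```

An empty result means every expected tag reached Ranger; a ValueError means the response was not a tag list and the credentials or URL should be checked first.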

Last update: March 11, 2022