Set User Access to Ranger KMS

To give a user access to the keys needed for encryption, create a policy in Apache Ranger KMS as follows:

  1. Log in to Ranger and select Access Manager > Resource Based Policies.

  2. Under KMS, click privacera_kms.

  3. Under List of Policies: privacera_kms, click Add New Policy.

  4. In the Create Policy screen, enter the following information to create a policy and provide access to the user:

    • Policy Name: Enter the access policy name.

    • Policy Label: Optional label name.

    • Key Name: Type a character to list the existing key names that are already generated in Ranger.

    • Description: Enter a description for the policy.

    • Audit Logging: Toggle Yes or No.

  5. Under Allow Conditions, select the following:

    • Select Role: Enter or select from existing roles.

    • Select Group: Enter or select from existing groups.

    • Select User: This is the username that will be used in the encryption API. Select an existing user or enter a new username.

    • Add Permissions: Select the user permissions: Create, Delete, Rollover, Set Key Material, Get, Get Keys, Get Metadata, Generate EEK, Decrypt EEK, or Select/Deselect All.

    • Delegate Admin: Select if this user is delegated as the admin.

  6. Similarly, you can select specific users under Exclude from Allow Conditions, Deny Conditions, and Exclude from Deny Conditions.

  7. Click Add to save the policy. 
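
The same policy can be written as a JSON body for Ranger's public REST API (POST /service/public/v2/api/policy) and checked before it is submitted. The following is an added example, not code from this page or from Privacera: it builds the body for the fields in steps 4 and 5 and flags grants that are broader than a key-use policy usually needs. The access type ids, the KEY_ADMIN grouping, and all policy, key and user names are assumptions or constructed placeholders.

```python
import json

# UI permission label -> access type id. Assumption: ids as in the stock
# Apache Ranger KMS service definition; confirm against your deployment.
ACCESS_TYPES = {
    "Create": "create", "Delete": "delete", "Rollover": "rollover",
    "Set Key Material": "setkeymaterial", "Get": "get", "Get Keys": "getkeys",
    "Get Metadata": "getmetadata", "Generate EEK": "generateeek",
    "Decrypt EEK": "decrypteek",
}
# Permissions that create, replace or destroy keys (grouping assumed for this review).
KEY_ADMIN = {"create", "delete", "rollover", "setkeymaterial"}

def build_policy(name, key_names, user, permissions, audit=True, delegate_admin=False):
    """Build the JSON body of a policy on the privacera_kms service."""
    return {
        "service": "privacera_kms", "name": name, "isAuditEnabled": audit,
        "resources": {"keyname": {"values": list(key_names)}},
        "policyItems": [{
            "users": [user], "groups": [], "roles": [],
            "accesses": [{"type": ACCESS_TYPES[p], "isAllowed": True} for p in permissions],
            "delegateAdmin": delegate_admin,
        }],
    }

def review_policy(policy):
    """Return least-privilege findings for a policy body before it is submitted."""
    findings = []
    if not policy.get("isAuditEnabled"):
        findings.append("audit logging is off")
    if any("*" in k for k in policy["resources"]["keyname"]["values"]):
        findings.append("key name contains a wildcard")
    for item in policy["policyItems"]:
        admin = sorted({a["type"] for a in item["accesses"] if a["isAllowed"]} & KEY_ADMIN)
        if item.get("delegateAdmin"):
            findings.append(f"{item['users']} may delegate administration")
        if admin:
            findings.append(f"{item['users']} holds key-management permissions {admin}")
    return findings

# Constructed sample values: policy, key and user names are placeholders.
narrow = build_policy("example-key-use", ["example_key"], "example_api_user",
                      ["Get Metadata", "Generate EEK", "Decrypt EEK"])
broad = build_policy("example-all", ["*"], "example_api_user",
                     list(ACCESS_TYPES), audit=False, delegate_admin=True)

if __name__ == "__main__":
    print(json.dumps(narrow, indent=2))
    print("\n".join(review_policy(broad)))
```
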

Last update: July 23, 2021