1 © Hortonworks Inc. 2011–2018. All rights reserved
Apache Ranger—New Features and Improvements
Abhay Kulkarni Apache Ranger PMC and Committer
Ramesh Mani Apache Ranger PMC and Committer
Agenda
• Apache Ranger Service Definition Overview
• Resource Based Access Specification
• Support for Time-sensitive Policies
• Prioritized Policies
• Information Schema
• Tag-based Policies for Data-Masking
• Performance Improvement
• Demo
Service Manager
Ranger Admin
Allow user1 group users all access on all columns in customer details table
Ranger Policy—Hive
{
  "id": 1,
  "name": "sampleapp",
  "implClass": "",
  "label": "Sample App Repository",
  "description": "Sample App Repository",
  "guid": "0d047247-bafe-4cf8-8e9b-d5d377284b43",
  "resources": [
    // resource definition
  ],
  "accessTypes": [
    // permissions definition
  ],
  "configs": [ ],
  "enums": [ ],
  "contextEnrichers": [ ],
  "policyConditions": [ ]
}
Service Definition JSON
Resource Based Access Specification
• If a component’s authorization model requires multiple resources, different types of privileges for resources, and/or multiple hierarchies, the Service Definition representing the model is more complex. Ranger now supports specifying the applicable privileges for each resource, which helps keep the model cleaner and more closely aligned with the component’s authorization model.
• The Service Definition now supports a cleaner representation of multiple resource hierarchies as a more intuitive tree structure, specified through the parent attribute of each resource.
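An added example, not code from the slides or from the Ranger project: it derives the resource hierarchies from each resource's parent attribute and checks a proposed grant against the privileges applicable to that resource. The resource names, access types and the "accessTypeRestrictions" key are assumptions made for the illustration.

```python
# Added example; SERVICE_DEF is constructed, not a definition shipped with Ranger.
SERVICE_DEF = {
    "name": "sampleapp",
    "accessTypes": [{"name": n} for n in ("select", "update", "create", "drop", "execute")],
    "resources": [
        {"name": "database", "parent": "", "accessTypeRestrictions": ["create", "drop"]},
        {"name": "table", "parent": "database", "accessTypeRestrictions": ["select", "update", "drop"]},
        {"name": "column", "parent": "table", "accessTypeRestrictions": ["select", "update"]},
        {"name": "udf", "parent": "database", "accessTypeRestrictions": ["execute", "drop"]},
    ],
}

def hierarchies(service_def):
    """Return every root-to-leaf resource path implied by the parent attributes."""
    children, seen, paths = {}, set(), []
    for res in service_def["resources"]:
        children.setdefault(res.get("parent") or None, []).append(res["name"])

    def walk(name, path):
        seen.add(name)
        path = path + [name]
        if name not in children:
            paths.append(path)          # leaf: one complete hierarchy
        for child in children.get(name, []):
            walk(child, path)

    for root in children.get(None, []):
        walk(root, [])
    # A typo in "parent" or a parent cycle leaves resources outside every hierarchy.
    orphans = {r["name"] for r in service_def["resources"]} - seen
    if orphans:
        raise ValueError(f"resources not reachable from a root: {sorted(orphans)}")
    return paths

def applicable_access(service_def, resource_name):
    """Access types grantable on a resource; no restriction list means all of them."""
    all_types = [a["name"] for a in service_def["accessTypes"]]
    res = next(r for r in service_def["resources"] if r["name"] == resource_name)
    allowed = set(res.get("accessTypeRestrictions") or all_types)
    return [t for t in all_types if t in allowed]

def invalid_grants(service_def, resource_name, requested):
    """Privileges in a proposed policy item that the resource does not support."""
    return sorted(set(requested) - set(applicable_access(service_def, resource_name)))
```

Running `invalid_grants` over policy items before they are saved catches grants such as "drop" on a column, which the model does not define for that resource.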
Support for Time-sensitive Policies
• Ranger policies may now be specified as having a certain validity period. Such a policy is enforced only during its validity period.
Prioritized Policies
• Ranger policies now support two priority levels: normal and high. The access evaluation engine gives high-priority policies precedence over normal-priority policies.
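An added example, not Ranger's evaluation engine and not code from the slides: a simplified model that combines the validity period from the previous slide with the two priority levels. The policy fields, the sample users, and the rule that a deny wins over an allow within one priority level are assumptions made for the illustration.

```python
from datetime import datetime, timezone

NORMAL, HIGH = 0, 1   # the two priority levels named on the slide

def ts(text):
    """Parse a UTC timestamp written as YYYY/MM/DD HH:MM:SS."""
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)

# Constructed policies, all on the same resource.
POLICIES = [
    {"name": "deny-contractors", "priority": NORMAL, "effect": "deny",
     "users": {"carol"}, "validity": None},
    {"name": "audit-window", "priority": HIGH, "effect": "allow",
     "users": {"carol"},
     "validity": (ts("2018/06/01 00:00:00"), ts("2018/06/30 23:59:59"))},
    {"name": "analysts", "priority": NORMAL, "effect": "allow",
     "users": {"alice"}, "validity": None},
]

def in_force(policy, now):
    """A policy without a validity period is always in force."""
    if policy["validity"] is None:
        return True
    start, end = policy["validity"]
    return start <= now <= end

def evaluate(policies, user, now):
    """Return (decision, deciding policy name).

    High-priority policies are consulted before normal ones; within one
    level a deny wins over an allow (assumption); no match means deny.
    """
    active = [p for p in policies if in_force(p, now) and user in p["users"]]
    for level in (HIGH, NORMAL):
        matched = [p for p in active if p["priority"] == level]
        for effect in ("deny", "allow"):
            for p in matched:
                if p["effect"] == effect:
                    return effect, p["name"]
    return "deny", None
```

In this model the time-boxed high-priority allow overrides the standing deny for carol only during June 2018; once the period ends, the normal-priority deny decides again without anyone having to remove the exception.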
Information Schema
• Ranger now supports an API to retrieve, for a given resource, the set of accesses granted to each user and group known to Ranger statically.
Tag-based Policies for Data-masking
• Ranger, in conjunction with Atlas, supports a higher-level authorization model based on metadata classification, commonly known as tag-based authorization. Ranger now also supports data masking using classification, in addition to plain authorization.
Performance Improvements
• Tag-sync - as required to handle increased load with new Atlas features
• Tag downloads
• Access evaluation performance
DEMO
Thank you!
Apache Ranger: how to contribute?
• Ranger Home : http://ranger.apache.org
• Ranger Wiki : https://cwiki.apache.org/confluence/display/RANGER
• Ranger JIRAs : https://issues.apache.org/jira/browse/RANGER
• Project Mailing Lists
  • Users : user@ranger.apache.org
  • Developers : dev@ranger.apache.org
  • Commits : commits@ranger.apache.org

Overview of new features in Apache Ranger
