We use cookies to improve site navigation, analyze site usage, and enhance your user experience. Click "Accept" to enable cookies or "Reject" to reject cookies. To learn more, read our Privacy Policy.

connectors

No menu items for this category
Home/Connectors/Security/Ranger
Collate Documentation
Apache Ranger

Apache Ranger

Beta
Available In
Feature List
Reverse Metadata (Collate Only)

In this section, we provide guides and references to use the Apache Ranger connector for reverse metadata ingestion.

Configure and schedule Apache Ranger reverse metadata workflows from the OpenMetadata UI:

Requirements

Apache Ranger Setup

Apache Ranger 2.0 or greater is required. The user should have access to the Apache Ranger Admin API with appropriate privileges to manage policies and tags.

Permissions

The user connecting to Apache Ranger should have the following permissions:

  • Access to Apache Ranger Admin API endpoints
  • Write access to policies and tag definitions
  • Write access to tag management
  • Read access to service definitions for verification

Connection Details

We support Apache Ranger with Basic Authentication using username and password.

Reverse Metadata Ingestion

The Apache Ranger connector is designed specifically for reverse metadata ingestion. This means that OpenMetadata will sync metadata information (primarily tags) from your data sources back to Apache Ranger.

How Reverse Metadata Works

  1. Configure Ranger as Sink Service: Set up Apache Ranger as a sink service in your reverse metadata configuration
  2. Source Service Integration: When you ingest metadata from source services like Snowflake, Trino, or other databases, OpenMetadata can sync this metadata back to Ranger
  3. Tag Synchronization: Currently, we sync tag information from OpenMetadata to Apache Ranger, allowing you to manage security policies based on discovered metadata
  4. Policy Management: While we sync tags to Ranger, the communication between Ranger and your specific data sources needs to be configured separately

Important Considerations

  • Service Name Matching: The service name configured in Apache Ranger must match exactly with the service name in OpenMetadata for reverse metadata synchronization to work properly
  • Tag Synchronization: Currently, we only sync tag information to Ranger.
  • Source-Ranger Communication: You are responsible for configuring the communication between Apache Ranger and your actual data sources. OpenMetadata only handles the metadata synchronization to Ranger
  • Bidirectional Sync: This is currently a one-way sync from OpenMetadata to Ranger

Metadata Ingestion

1. Visit the Services Page

Click Settings in the side navigation bar and then Services.

The first step is to ingest the metadata from your sources. To do that, you first need to create a Service connection first.

This Service will be the bridge between OpenMetadata and your source system.

Once a Service is created, it can be used to configure your ingestion workflows.

Visit Services Page

Select your Service Type and Add a New Service

2. Create a New Service

Click on Add New Service to start the Service creation.

Create a new Service

Add a new Service from the Services page

3. Select the Service Type

Select Apache Ranger as the Service type and click Next.

Select Service

Select your Service from the list

4. Name and Describe your Service

Provide a name and description for your Service.

Service Name

OpenMetadata uniquely identifies Services by their Service Name. Provide a name that distinguishes your deployment from other Services, including the other Apache Ranger Services that you might be ingesting metadata from.

Note that when the name is set, it cannot be changed.

Add New Service

Provide a Name and description for your Service

5. Configure the Service Connection

In this step, we will configure the connection settings required for Apache Ranger.

Please follow the instructions below to properly configure the Service to read from your sources. You will also find helper documentation on the right-hand side panel in the UI.

Configure Service connection

Configure the Service connection by filling the form

Troubleshooting

Connection Issues

  • Verify that the Apache Ranger Admin service is running and accessible
  • Check network connectivity between OpenMetadata and Apache Ranger
  • Ensure the provided credentials have the necessary write permissions for tags and policies

Authentication Issues

  • Verify username and password for basic authentication
  • Ensure the user account is active and has proper permissions in Apache Ranger

Reverse Metadata Issues

  • Verify that the service name in Apache Ranger matches exactly with the service name in OpenMetadata
  • Check if the user has write permissions for tag and policy management in Ranger
  • Ensure that the source service (Trino, etc.) is properly configured in OpenMetadata before setting up reverse metadata

API Access Issues

  • Verify that the user has write access to Apache Ranger APIs for tags and policies
  • Check if the Apache Ranger API endpoints are enabled and accessible
  • Ensure proper permissions are granted for policy and tag management operations