Ranger

Beta

• Requirements
• Reverse Metadata Ingestion
• Connection Details
• Troubleshooting

​

Requirements

​

Apache Ranger Setup

​

Permissions

• Access to Apache Ranger Admin API endpoints
• Write access to policies and tag definitions
• Write access to tag management
• Read access to service definitions for verification

# Create a service user in Apache Ranger with the following permissions:
# - Write access to tag management
# - Write access to policy management
# - Read access to service definitions

​

Connection Details

​

Reverse Metadata Ingestion

​

How Reverse Metadata Works

1. Configure Ranger as Sink Service: Set up Apache Ranger as a sink service in your reverse metadata configuration
2. Source Service Integration: When you ingest metadata from source services like Snowflake, Trino, or other databases, OpenMetadata can sync this metadata back to Ranger
3. Tag Synchronization: Currently, we sync tag information from OpenMetadata to Apache Ranger, allowing you to manage security policies based on discovered metadata
4. Policy Management: While we sync tags to Ranger, the communication between Ranger and your specific data sources needs to be configured separately

​

Important Considerations

• Service Name Matching: The service name configured in Apache Ranger must match exactly with the service name in OpenMetadata for reverse metadata synchronization to work properly
• Tag Synchronization: Currently, we only sync tag information to Ranger.
• Source-Ranger Communication: You are responsible for configuring the communication between Apache Ranger and your actual data sources. OpenMetadata only handles the metadata synchronization to Ranger
• Bidirectional Sync: This is currently a one-way sync from OpenMetadata to Ranger

​

Metadata Ingestion

1

Visit the Services Page

Click `Settings` in the side navigation bar and then `Services`. The first step is to ingest the metadata from your sources. To do that, you first need to create a Service connection first. This Service will be the bridge between OpenMetadata and your source system. Once a Service is created, it can be used to configure your ingestion workflows.

2

Create a New Service

Click on _Add New Service_ to start the Service creation.

3

Select the Service Type

Select Ranger as the Service type and click _Next_.

4

Name and Describe your Service

Provide a name and description for your Service.

Service Name

OpenMetadata uniquely identifies Services by their **Service Name**. Provide a name that distinguishes your deployment from other Services, including the other Ranger Services that you might be ingesting metadata from. Note that when the name is set, it cannot be changed.

5

Configure the Service Connection

In this step, we will configure the connection settings required for Ranger. Please follow the instructions below to properly configure the Service to read from your sources. You will also find helper documentation on the right-hand side panel in the UI.

​

Troubleshooting

​

Connection Issues

• Verify that the Apache Ranger Admin service is running and accessible
• Check network connectivity between OpenMetadata and Apache Ranger
• Ensure the provided credentials have the necessary write permissions for tags and policies

​

Authentication Issues

• Verify username and password for basic authentication
• Ensure the user account is active and has proper permissions in Apache Ranger

​

Reverse Metadata Issues

• Verify that the service name in Apache Ranger matches exactly with the service name in OpenMetadata
• Check if the user has write permissions for tag and policy management in Ranger
• Ensure that the source service (Trino, etc.) is properly configured in OpenMetadata before setting up reverse metadata

​

API Access Issues

• Verify that the user has write access to Apache Ranger APIs for tags and policies
• Check if the Apache Ranger API endpoints are enabled and accessible
• Ensure proper permissions are granted for policy and tag management operations