Using Apache Ranger
Oracle Big Data Service supports Apache Ranger to provide fine-grained data access control in different Hadoop Ecosystem components.
To use Ranger with BDS, you must have Ranger installed in your environment. Big Data Service clusters with ODH version 1.1.0.309 or higher, Apache Ranger is installed and configured in the cluster nodes out of the box. If you are using Secure and HA clusters, it is enabled by default. Starting BDS 3.0.4, HDFS audit is enabled by default.
The Big Data Service version and ODH version are displayed on the Cluster Information tab of the cluster details page.
Using Ranger Plugins
Big Data Service supports Ranger plugins to enforce policies defined in Ranger Admin for a particular component.
Oracle Big Data Service supports Ranger plugins for HDFS, Yarn, Hive, HBase Spark, Kafka and Trino. Different plugins can be turned on/off through Ranger service in Ambari UI. By default, all the available plugins in Secure cluster are enabled. To configure Ranger plugins, see Configuring Ranger Plugins in Apache Ambari.
See Spark Job Might Fail With a 401 Error While Trying to Download the Ranger-Spark Policies for a known issue with Spark jobs failing while downloading Ranger-Spark policies.
The following ranger plugins are available in the Ranger:
| Component Name | ODH Version for 1.x | ODH Version for 2.x |
|---|---|---|
| Hadoop | 1.0 and later | All 2.x versions |
| Yarn | 1.0 and later | All 2.x versions |
| Hive | 1.0 and later | All 2.x versions |
| HBase | 1.0 and later | All 2.x versions |
| Spark | 1.0 and later | NOT APPLICABLE |
| Trino | 1.1.0.351 and later | All 2.x versions |