vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide/mrs_01_1860.html
Yang, Tong 6182f91ba8 MRS component operation guide_normal 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2022-12-09 14:55:21 +00:00

287 lines
45 KiB
HTML
Raw Blame History

<a name="mrs_01_1860"></a><a name="mrs_01_1860"></a>
<h1 class="topictitle1">Adding a Ranger Access Permission Policy for Spark2x</h1>
<div id="body1595917971925"><div class="section" id="mrs_01_1860__section1861148182711"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1860__p757895715271">The <span id="mrs_01_1860__ph1389213457234">Ranger</span><span id="mrs_01_1860__ph733184682310"> </span>administrator can use Ranger to set permissions for Spark2x users.</p>
<div class="note" id="mrs_01_1860__note135446014445"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ol id="mrs_01_1860__ol49910317445"><li id="mrs_01_1860__li16497339193811">After Ranger authentication is enabled or disabled on Spark2x, you need to restart Spark2x.</li><li id="mrs_01_1860__li3991143174417">Download the client again or manually update the client configuration file <em id="mrs_01_1860__i17570192861912">Client installation directory</em><strong id="mrs_01_1860__b199783373192">/Spark2x/spark/conf/spark-defaults.conf</strong>.<p id="mrs_01_1860__p1799123184413">Enable Ranger: <strong id="mrs_01_1860__b2771105832514">spark.ranger.plugin.authorization.enable=true</strong></p>
<p id="mrs_01_1860__p49911534441">Disable Ranger: <strong id="mrs_01_1860__b18895552122518">spark.ranger.plugin.authorization.enable=false</strong></p>
</li><li id="mrs_01_1860__li149918316441">In Spark2x, spark-beeline (applications connected to JDBCServer) supports the Ranger IP address filtering policy (<strong id="mrs_01_1860__b179416167269">Policy Conditions</strong> in the Ranger permission policy), while spark-submit and spark-sql do not.</li></ol>
</div></div>
</div>
<div class="section" id="mrs_01_1860__section11493172153315"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1860__ul5357197143515"><li id="mrs_01_1860__li735717193519">The Ranger service has been installed and is running properly.</li><li id="mrs_01_1860__li167971451121816">The Ranger authentication function of the Hive service has been enabled. After the Hive service is restarted, the Spark2x service is restarted.</li><li id="mrs_01_1860__li19563173342811">You have created users, user groups, or roles for which you want to configure permissions.</li><li id="mrs_01_1860__li6117312131211">The created user has been added to the <strong id="mrs_01_1860__b14681174010409">hive</strong> user group.</li></ul>
</div>
<div class="section" id="mrs_01_1860__section747294016257"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1860__ol1065893219380"><li id="mrs_01_1860__li2701103575612"><span>Log in to the Ranger management page.</span></li><li id="mrs_01_1860__li18658932173820"><span>On the home page, click the component plug-in name in the <strong id="mrs_01_1860__b18509133918238">HADOOP SQL</strong> area, for example, <strong id="mrs_01_1860__b95154392230">Hive</strong>.</span><p><p id="mrs_01_1860__p33809015393"><span><img id="mrs_01_1860__image13898239408" src="en-us_image_0000001387880686.png"></span></p>
</p></li><li id="mrs_01_1860__li1955384410387"><span>On the <strong id="mrs_01_1860__b177311333173815">Access</strong> tab page, click <strong id="mrs_01_1860__b573253310389">Add New Policy</strong> to add a Spark2x permission control policy.</span><p><p id="mrs_01_1860__p112122873710"><span><img id="mrs_01_1860__image31217284377" src="en-us_image_0000001348770077.png"></span></p>
</p></li><li id="mrs_01_1860__li139634483403"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1860__table4469841184115" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Spark2x permission parameters</caption><thead align="left"><tr id="mrs_01_1860__row2469841104115"><th align="left" class="cellrowborder" valign="top" width="25%" id="mcps1.3.3.2.4.2.1.2.3.1.1"><p id="mrs_01_1860__p846954194111">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="75%" id="mcps1.3.3.2.4.2.1.2.3.1.2"><p id="mrs_01_1860__p1346904194117">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1860__row1469174110419"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p1469114120417">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p1170216351566">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1860__row18961122118483"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p119259713409">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p9935105714451">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1860__b128202323138">192.168.1.10</strong>,<strong id="mrs_01_1860__b78251132191319">192.168.1.20</strong>, or <strong id="mrs_01_1860__b10825632171315">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1860__row9702113515617"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p196910112228">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p5695112225">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1860__row104697417417"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p1598819376474">database</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p549418517525">Name of the Spark2x database to which the policy applies.</p>
<p id="mrs_01_1860__p27021335115617">The <span class="parmname" id="mrs_01_1860__parmname577284117237"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1860__parmname10773041172314"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1470233555620"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p157028356562">table</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p670293585615">Name of the Spark2x table to which the policy applies.</p>
<p id="mrs_01_1860__p3702183595616">To add a UDF-based policy, switch to UDF and enter the UDF name.</p>
<p id="mrs_01_1860__p1270243517563">The <span class="parmname" id="mrs_01_1860__parmname67361143152311"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1860__parmname18736194342310"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1860__row570273515615"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p127021735135611">column</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p127021035155616">Name of the column to which the policy applies. The value <strong id="mrs_01_1860__b18824142293918">*</strong> indicates all columns.</p>
<p id="mrs_01_1860__p207020354568">The <span class="parmname" id="mrs_01_1860__parmname11605104614231"><b>Include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1860__parmname661144615237"><b>Exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1860__row270323565619"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p15697173210192">Description</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p1869773261914">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1860__row12469141164113"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p898812379471">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p18988437174719">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1860__row29973720471"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p11995376471">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p18991137164717">Policy allowed condition. You can configure permissions and exceptions allowed by the policy.</p>
<p id="mrs_01_1860__p1819113143111">In the <strong id="mrs_01_1860__b6118113412138">Select Role</strong>, <strong id="mrs_01_1860__b14118534151311">Select Group</strong>, and <strong id="mrs_01_1860__b17119143441318">Select User</strong> columns, select the role, user group, or user to which the permission is to be granted, click <strong id="mrs_01_1860__b14119163451310">Add Conditions</strong>, add the IP address range to which the policy applies, and click <strong id="mrs_01_1860__b611943420130">Add Permissions</strong> to add the corresponding permission.</p>
<ul id="mrs_01_1860__ul183931610151418"><li id="mrs_01_1860__li2039341013144">select: permission to query data</li><li id="mrs_01_1860__li570323505611">update: permission to update data</li><li id="mrs_01_1860__li4703143512560">Create: permission to create data</li><li id="mrs_01_1860__li9703235135618">Drop: permission to drop data</li><li id="mrs_01_1860__li7703435185617">Alter: permission to alter data</li><li id="mrs_01_1860__li9703133505619">Index: permission to index data</li><li id="mrs_01_1860__li1470313513561">All: all permissions</li><li id="mrs_01_1860__li4703133510562">Read: permission to read data</li><li id="mrs_01_1860__li11703535185616">Write: permission to write data</li><li id="mrs_01_1860__li5703173555620">Temporary UDF Admin: temporary UDF management permission</li><li id="mrs_01_1860__li177031835195611">Select/Deselect All: Select or deselect all.</li></ul>
<p id="mrs_01_1860__p1470310353569">To add multiple permission control rules, click <span><img id="mrs_01_1860__image341133521514" src="en-us_image_0000001295930220.png"></span>.</p>
<p id="mrs_01_1860__p8404164411">If users or user groups in the current condition need to manage this policy, select <strong id="mrs_01_1860__b1534442419420">Delegate Admin</strong>. These users will become the agent administrators. The agent administrators can update and delete this policy and create sub-policies based on the original policy.</p>
</td>
</tr>
<tr id="mrs_01_1860__row899937184718"><td class="cellrowborder" valign="top" width="25%" headers="mcps1.3.3.2.4.2.1.2.3.1.1 "><p id="mrs_01_1860__p5991537154719">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="75%" headers="mcps1.3.3.2.4.2.1.2.3.1.2 "><p id="mrs_01_1860__p1799337194719">Policy rejection condition, which is used to configure the permissions and exceptions to be denied in the policy. The configuration method is similar to that of <strong id="mrs_01_1860__b1488724174212">Allow Conditions</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1860__t407ce486d4824c69ba125f7c1be82b9b" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Setting permissions</caption><thead align="left"><tr id="mrs_01_1860__r8970570f5e404ff3b4e26f1ec887b626"><th align="left" class="cellrowborder" valign="top" width="29.520000000000003%" id="mcps1.3.3.2.4.2.2.2.3.1.1"><p id="mrs_01_1860__a966f96441ec341ab81e25cd71592239c">Task</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70.48%" id="mcps1.3.3.2.4.2.2.2.3.1.2"><p id="mrs_01_1860__a32ca2f2b7e424d8480ede0da91c11ded">Operation</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1860__r37ebca35241b4cae98114fef8e98c8dc"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__af314c609654c4df69886c974332dfe3d"><strong id="mrs_01_1860__b35201150154217">role admin</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol832433933118"><li id="mrs_01_1860__li5552134783210">On the home page, click <strong id="mrs_01_1860__b15945185174216">Settings</strong> and choose <strong id="mrs_01_1860__b18946185110422">Roles</strong> &gt; <strong id="mrs_01_1860__b1994615118427">Add New Role</strong>.</li><li id="mrs_01_1860__li12406174318318">Set <strong id="mrs_01_1860__b5991205214427">Role Name</strong> to <strong id="mrs_01_1860__b1599165210425">admin</strong>. In the <strong id="mrs_01_1860__b499155284214">Users</strong> area, click <strong id="mrs_01_1860__b29916524422">Select User</strong> and select a username.</li><li id="mrs_01_1860__li11324133923115">Click <strong id="mrs_01_1860__b1838453174219">Add Users</strong>, select <strong id="mrs_01_1860__b17838153194211">Is Role Admin</strong> in the row where the username is located, and click <strong id="mrs_01_1860__b1783815317429">Save</strong>.</li></ol>
<div class="note" id="mrs_01_1860__n768c024de71e4be5a7ca11d780550475"><span class="notetitle"> NOTE: </span><div class="notebody"><p class="textintable" id="mrs_01_1860__aeaaa930f124b470ca0f6c4f62ddfea8f">After being bound to the Hive administrator role, perform the following operations during each maintenance operation:</p>
<ol type="a" id="mrs_01_1860__o22025688792147a69a4b441a2e159ca0"><li id="mrs_01_1860__l3ec30b72298549d2b374d9add384655d">Log in to the node where the Hive client is installed as the client installation user.</li><li id="mrs_01_1860__l53e519f4f75e40b097f9a24dc70486d0">Run the following command to configure environment variables:<p class="litext" id="mrs_01_1860__a7cb143b430624aed9fcb7f62f733aa51"><a name="mrs_01_1860__l53e519f4f75e40b097f9a24dc70486d0"></a><a name="l53e519f4f75e40b097f9a24dc70486d0"></a>For example, if the Spark2x client installation directory is <strong id="mrs_01_1860__b753216276434">/opt/client</strong>, run <strong id="mrs_01_1860__b1553816275436">source /opt/client/bigdata_env</strong>.</p>
</li><li id="mrs_01_1860__l1a40354ae9674d0da669b4fc35cc918e">Run the following command to perform user authentication:<p class="litext" id="mrs_01_1860__a48755538b3d44de38791df7ed368ab85"><a name="mrs_01_1860__l1a40354ae9674d0da669b4fc35cc918e"></a><a name="l1a40354ae9674d0da669b4fc35cc918e"></a><strong id="mrs_01_1860__b9776234411">kinit Spark2x</strong><em id="mrs_01_1860__i128352114415">Service user</em></p>
</li><li id="mrs_01_1860__l68bc41f3262f4d78852dae085cb4dd1c">Run the following command to log in to the client tool:<p class="litext" id="mrs_01_1860__a3b73ca536c184361b13af264c16b1c1d"><a name="mrs_01_1860__l68bc41f3262f4d78852dae085cb4dd1c"></a><a name="l68bc41f3262f4d78852dae085cb4dd1c"></a><strong id="mrs_01_1860__aa1e3a7d17715434ea08b2578a5591503">spark-beeline</strong></p>
</li><li id="mrs_01_1860__le84ff71b118b4a48a9f24cbab9188f94">Run the following command to update the administrator permissions:<p id="mrs_01_1860__ac94d0dcac4814326b675097bfa097f1b"><a name="mrs_01_1860__le84ff71b118b4a48a9f24cbab9188f94"></a><a name="le84ff71b118b4a48a9f24cbab9188f94"></a><strong id="mrs_01_1860__a2707464e1e1147df8a1a6525470a5827">set role admin;</strong></p>
</li></ol>
</div></div>
</td>
</tr>
<tr id="mrs_01_1860__r32ef203c8450407ba2e7daaad43e84b3"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p15432216890">Creating a database table</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__o03ff4239c1dd418a8aac1901b1a42eaf"><li id="mrs_01_1860__ld973a3178b874b2991a34724362edeaa">Enter the policy name in <strong id="mrs_01_1860__b13355412194411">Policy Name</strong>.</li><li id="mrs_01_1860__li864518168382">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b11937174716142">database</strong>. (If you want to create a database, enter the name of the database to be created or enter <strong id="mrs_01_1860__b17856125817145">*</strong> to indicate a database with any name, and then select the name.) Enter and select the corresponding table name on the right of <strong id="mrs_01_1860__b11262122814165">table</strong> and <strong id="mrs_01_1860__b180103231617">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__l90a887e837424d2e9d0e4edb5bc29030">In the <strong id="mrs_01_1860__b131808338441">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b5181733204419">Select User</strong> drop-down list.</li><li id="mrs_01_1860__la261edb792114984b435ac93df993a6c">Click <strong id="mrs_01_1860__b108051934161716">Add Permissions</strong> and select <strong id="mrs_01_1860__b128101034101713">Create</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__rc691dab3ec894d229b3089f314930b46"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__a63c7fa067a2c482ba8938e1eb2b5329b">Deleting a table</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__oa035ad8e31e345b68862f21f259a443f"><li id="mrs_01_1860__li2315817144220">Enter the policy name in <strong id="mrs_01_1860__b6919735154416">Policy Name</strong>.</li><li id="mrs_01_1860__li193151917114210">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b79807475175">database</strong>. (If you want to delete a database, enter the name of the database to be created or enter <strong id="mrs_01_1860__b11981184718176">*</strong> to indicate a database with any name, and then select the name.) Enter and select the corresponding table name on the right of <strong id="mrs_01_1860__b19981144718175">table</strong> and <strong id="mrs_01_1860__b0982154713171">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__li11315151764214">In the <strong id="mrs_01_1860__b209031539204416">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b12908173934420">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li113151617154217">Click <strong id="mrs_01_1860__b588554084415">Add Permissions</strong> and select <strong id="mrs_01_1860__b1886440124420">Drop</strong>.<div class="note" id="mrs_01_1860__note6306952115115"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1860__p103071752105113">For CarbonData tables, only the owner of the corresponding database or table can perform the <strong id="mrs_01_1860__b18764141104414">drop</strong> operation.</p>
</div></div>
</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__racaeeea562d449f6973523ddc07996a0"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__a8efa8e2e06224b16826141db91790a14"><strong id="mrs_01_1860__b62864614113">ALTER</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__o1781c8d0839d4117be5170cc4f1f0ec5"><li id="mrs_01_1860__li1353313215430">Enter the policy name in <strong id="mrs_01_1860__b8184154454414">Policy Name</strong>.</li><li id="mrs_01_1860__li15339328431">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b17502124616189">database</strong>, enter and select the corresponding table on the right of <strong id="mrs_01_1860__b1214115501811">table</strong>, and enter and select the corresponding column name on the right of <strong id="mrs_01_1860__b1686611213199">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__li105332032164312">In the <strong id="mrs_01_1860__b1964512477445">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b46451847134414">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li12533163215437">Click <strong id="mrs_01_1860__b51111049114417">Add Permissions</strong> and select <strong id="mrs_01_1860__b2112164984415">Alter</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__redd589ffe6e7438aa2462b39d1caae46"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__a8cfcb2ad226748ba963e1a8cedcc5e63"><strong id="mrs_01_1860__b12795020441">LOAD</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__o3001b283aedf4d219d8470bcae96c133"><li id="mrs_01_1860__li6370130114411">Enter the policy name in <strong id="mrs_01_1860__b122211151124412">Policy Name</strong>.</li><li id="mrs_01_1860__li1837083016449">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b365161417195">database</strong>, enter and select the corresponding table on the right of <strong id="mrs_01_1860__b1658149196">table</strong>, and enter and select the corresponding column name on the right of <strong id="mrs_01_1860__b14662014151918">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__li9370630154420">In the <strong id="mrs_01_1860__b73633215454">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b8368721458">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li537043094418">Click <strong id="mrs_01_1860__b1850483194520">Add Permissions</strong> and select <strong id="mrs_01_1860__b1650413334515">update</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__row208461944104814"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p6846244144814"><strong id="mrs_01_1860__b550412412452">INSERT</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol1943920278504"><li id="mrs_01_1860__li1768413178452">Enter the policy name in <strong id="mrs_01_1860__b1436111516451">Policy Name</strong>.</li><li id="mrs_01_1860__li1668431764510">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b1634911183919">database</strong>, enter and select the corresponding table on the right of <strong id="mrs_01_1860__b18356415395">table</strong>, and enter and select the corresponding column name on the right of <strong id="mrs_01_1860__b183572011399">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__li11684191718454">In the <strong id="mrs_01_1860__b179651687452">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b6965138104518">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li136846177456">Click <strong id="mrs_01_1860__b19133151010452">Add Permissions</strong> and select <strong id="mrs_01_1860__b1133910134519">update</strong>.</li><li id="mrs_01_1860__li134102491743">The user also needs to have the <strong id="mrs_01_1860__b13294142716191">submit-app</strong> permission of the Yarn task queue. By default, the Hadoop user group has the <strong id="mrs_01_1860__b34631839171912">submit-app</strong> permission of all Yarn task queues. For details about how to load a network instance to a cloud connection, see <a href="mrs_01_1859.html">Adding a Ranger Access Permission Policy for Yarn</a>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__row18471749134810"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p188473491486"><strong id="mrs_01_1860__b859992312450">GRANT</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol19483751105320"><li id="mrs_01_1860__li1268101913594">Enter the policy name in <strong id="mrs_01_1860__b782722414451">Policy Name</strong>.</li><li id="mrs_01_1860__li162694192596">Enter and select the corresponding database on the right of <strong id="mrs_01_1860__b18202545396">database</strong>, enter and select the corresponding table on the right of <strong id="mrs_01_1860__b020344143918">table</strong>, and enter and select the corresponding column name on the right of <strong id="mrs_01_1860__b320419423917">column</strong>. Wildcard characters (*) are supported.</li><li id="mrs_01_1860__li32691199592">In the <strong id="mrs_01_1860__b122497274455">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b424911272457">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li162695198593">Select <strong id="mrs_01_1860__b14115192815451">Delegate Admin</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__row5871155414815"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p387195434818"><strong id="mrs_01_1860__b112521329144512">ADD JAR</strong> operation</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol10597126501"><li id="mrs_01_1860__li1752610295174">Enter the policy name in <strong id="mrs_01_1860__b347212307457">Policy Name</strong>.</li><li id="mrs_01_1860__li552612981710">Click <strong id="mrs_01_1860__b1443013117459">database</strong>, and select <strong id="mrs_01_1860__b54307316458">global</strong> from the drop-down list. On the right of <strong id="mrs_01_1860__b596112329451">global</strong>, enter related information and select <strong id="mrs_01_1860__b896173254512">*</strong>.</li><li id="mrs_01_1860__li12526129171713">In the <strong id="mrs_01_1860__b15845183318451">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b284533324511">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li185267299177">Click <strong id="mrs_01_1860__b7939195114286">Add Permissions</strong> and select <strong id="mrs_01_1860__b13944051102816">Temporary UDF Admin</strong>.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__row16378165814810"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p1437835844819"><strong id="mrs_01_1860__b560033534515">VIEW</strong> and <strong id="mrs_01_1860__b14600435194518">INDEX</strong> permissions</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol9638145913412"><li id="mrs_01_1860__li26390594343">Enter the policy name in <strong id="mrs_01_1860__b5593143684513">Policy Name</strong>.</li><li id="mrs_01_1860__li163916596347">On the right side of <strong id="mrs_01_1860__b20523173754517">database</strong>, enter the database name and select the corresponding database. (If you want to delete a database, enter the database name and select <strong id="mrs_01_1860__b19523337134512">*</strong>.) On the right side of <strong id="mrs_01_1860__b1152453717452">table</strong>, enter a table name and select the view and index names. On the right side of <strong id="mrs_01_1860__b95245375459">column</strong>, enter a Hive column name, and select <strong id="mrs_01_1860__b2524737184515">*</strong>.</li><li id="mrs_01_1860__li1390813261377">In the <strong id="mrs_01_1860__b54421239194512">Allow Conditions</strong> area, select a user from the <strong id="mrs_01_1860__b7442193914518">Select User</strong> drop-down list.</li><li id="mrs_01_1860__li1390862613378">Click <strong id="mrs_01_1860__b839104018451">Add Permissions</strong> and select permissions for the user as required.</li></ol>
</td>
</tr>
<tr id="mrs_01_1860__row198956194913"><td class="cellrowborder" valign="top" width="29.520000000000003%" headers="mcps1.3.3.2.4.2.2.2.3.1.1 "><p id="mrs_01_1860__p1089513118499">Operations on other user database tables</p>
</td>
<td class="cellrowborder" valign="top" width="70.48%" headers="mcps1.3.3.2.4.2.2.2.3.1.2 "><ol type="a" id="mrs_01_1860__ol760625883917"><li id="mrs_01_1860__li572424194017">Perform the preceding operations to add the corresponding permissions.</li><li id="mrs_01_1860__li15606145843912">Grant the read, write, and execution permissions on the HDFS paths of other user database tables to the current user. For details, see <a href="mrs_01_1856.html">Adding a Ranger Access Permission Policy for HDFS</a>.</li></ol>
</td>
</tr>
</tbody>
</table>
</div>
<div class="note" id="mrs_01_1860__note8604355182819"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1860__p144751648103412">After Spark SQL access policy is added on Ranger, you need to add the corresponding path access policies in the HDFS access policy. Otherwise, data files cannot be accessed. For details, see <a href="mrs_01_1856.html">Adding a Ranger Access Permission Policy for HDFS</a>.</p>
<ul id="mrs_01_1860__ul18621716135016"><li id="mrs_01_1860__li1541362420379">The global policy in the Ranger policy is only used to associate with the <strong id="mrs_01_1860__b2464183822016">Temporary UDF Admin</strong> permission to control the upload of UDF packages.</li><li id="mrs_01_1860__li10867949155019">When Ranger is used to control Spark SQL permissions, the <strong id="mrs_01_1860__b149711447192018">empower</strong> syntax is not supported.</li></ul>
</div></div>
</p></li><li id="mrs_01_1860__li18337132412418"><span>Click <strong id="mrs_01_1860__b14850134017461">Add</strong> to view the basic information about the policy in the policy list. After the policy takes effect, check whether the related permissions are normal.</span><p><p id="mrs_01_1860__en-us_topic_0241932507_p63219632216">To disable a policy, click <span><img id="mrs_01_1860__en-us_topic_0241932507_image1876104732217" src="en-us_image_0000001296249696.png"></span> to edit the policy and set the policy to <strong id="mrs_01_1860__b10581591237">Disabled</strong>.</p>
<p id="mrs_01_1860__en-us_topic_0241932507_p1156483182316">If a policy is no longer used, click <span><img id="mrs_01_1860__en-us_topic_0241932507_image79841567249" src="en-us_image_0000001296249692.png"></span> to delete it.</p>
</p></li></ol>
</div>
<div class="section" id="mrs_01_1860__section17703153511562"><h4 class="sectiontitle">Data Masking of the Spark2x Table</h4><p id="mrs_01_1860__p2703123565618">Ranger supports data masking for Spark2x data. It can process the returned result of the <strong id="mrs_01_1860__b1231211816472">select</strong> operation you performed to mask sensitive information.</p>
<ol id="mrs_01_1860__ol4704143585618"><li id="mrs_01_1860__li4704835105615"><span>Log in to the Ranger WebUI and click the component plug-in name, for example, <strong id="mrs_01_1860__b11142415182118">Hive</strong>, in the <strong id="mrs_01_1860__b956522062111">HADOOP SQL</strong> area on the home page.</span></li><li id="mrs_01_1860__li117045355562"><span>On the <strong id="mrs_01_1860__b13522174712474">Masking</strong> tab page, click <strong id="mrs_01_1860__b10527164711476">Add New Policy</strong> to add a Spark2x permission control policy.</span></li><li id="mrs_01_1860__li47049353567"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1860__table1870453545613" frame="border" border="1" rules="all"><caption><b>Table 3 </b>Spark2x data masking parameters</caption><thead align="left"><tr id="mrs_01_1860__row1370483505612"><th align="left" class="cellrowborder" valign="top" width="28.000000000000004%" id="mcps1.3.4.3.3.2.1.2.3.1.1"><p id="mrs_01_1860__p13704183565618">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="72%" id="mcps1.3.4.3.3.2.1.2.3.1.2"><p id="mrs_01_1860__p12704143525614">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1860__row8704143514567"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p370413575618">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p2704193505618">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1403152910509"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p72831758185018">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p928320586504">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1860__b13903103581318">192.168.1.10</strong>,<strong id="mrs_01_1860__b17903235121311">192.168.1.20</strong>, or <strong id="mrs_01_1860__b12903935191310">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1810064965310"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p191006490539">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1610004916533">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1860__row9704163516567"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p670415356567">Hive Database</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1070443575615">Name of the Spark2x database to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1860__row147041335115611"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p8704173545618">Hive Table</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p8704133516565">Name of the Spark2x table to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1860__row2070419357566"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p6705103535619">Hive Column</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p6705153510566">Name of the Spark2x column to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1860__row117051235165615"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p1705123545619">Description</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p8705835115618">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1860__row12705103510564"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p570513518569">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1970510357569">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1860__row770519359564"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p37053357566">Mask Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1270523545618">In the <strong id="mrs_01_1860__b15948123761318">Select Group</strong> and <strong id="mrs_01_1860__b594933781310">Select User</strong> columns, select the user group or user to which the permission is to be granted, click <strong id="mrs_01_1860__b3949837101318">Add Conditions</strong>, add the IP address range to which the policy applies, then click <strong id="mrs_01_1860__b1894911377132">Add Permissions</strong>, and select <strong id="mrs_01_1860__b5949737131310">select</strong>.</p>
<p id="mrs_01_1860__p4705193565615">Click <strong id="mrs_01_1860__b49681657104815">Select Masking Option</strong> and select a data masking policy.</p>
<ul id="mrs_01_1860__ul10705203585611"><li id="mrs_01_1860__li870543515614">Redact: Use <strong id="mrs_01_1860__b174978264911">x</strong> to mask all letters and <strong id="mrs_01_1860__b15502326497">n</strong> to mask all digits.</li><li id="mrs_01_1860__li1670573525610">Partial mask: show last 4: Only the last four characters are displayed.</li><li id="mrs_01_1860__li157051535145615">Partial mask: show first 4: Only the first four characters are displayed.</li><li id="mrs_01_1860__li1570563515565">Hash: Perform hash calculation for data.</li><li id="mrs_01_1860__li1570519350560">Nullify: Replace the original value with the NULL value.</li><li id="mrs_01_1860__li1470553575618">Unmasked(retain original value): The original data is displayed.</li><li id="mrs_01_1860__li12705335205617">Date: show only year: Only the year information is displayed.</li><li id="mrs_01_1860__li1570553555613">Custom: You can use any valid Hive UDF (returns the same data type as the data type in the masked column) to customize the policy.</li></ul>
<p id="mrs_01_1860__p2705113585618">To add a multi-column masking policy, click <span><img id="mrs_01_1860__image18705103514569" src="en-us_image_0000001349169781.png"></span>.</p>
</td>
</tr>
<tr id="mrs_01_1860__row7705163575611"><td class="cellrowborder" valign="top" width="28.000000000000004%" headers="mcps1.3.4.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p27061035135614">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="72%" headers="mcps1.3.4.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1706103595611">Policy rejection condition, which is used to configure the permissions and exceptions to be denied in the policy. The configuration method is similar to that of <strong id="mrs_01_1860__b1228324315535">Allow Conditions</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li></ol>
</div>
<div class="section" id="mrs_01_1860__section1714014165515"><h4 class="sectiontitle">Spark2x Row-Level Data Filtering</h4><p id="mrs_01_1860__p1631710378412">Ranger allows you to filter data at the row level when you perform the <strong id="mrs_01_1860__b18860498539">select</strong> operation on Spark2x data tables.</p>
<ol id="mrs_01_1860__ol147024123710"><li id="mrs_01_1860__li1170251218717"><span>Log in to the Ranger WebUI and click the component plug-in name, for example, <strong id="mrs_01_1860__b14378112252419">Hive</strong>, in the <strong id="mrs_01_1860__b15386192220242">HADOOP SQL</strong> area on the home page.</span></li><li id="mrs_01_1860__li370281216712"><span>On the <strong id="mrs_01_1860__b1080035815311">Row Level Filter</strong> tab page, click <strong id="mrs_01_1860__b380545816534">Add New Policy</strong> to add a row data filtering policy.</span></li><li id="mrs_01_1860__li6702171214720"><span>Configure the parameters listed in the table below based on the service demands.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1860__table1702201213710" frame="border" border="1" rules="all"><caption><b>Table 4 </b>Parameters for filtering Spark2x row data</caption><thead align="left"><tr id="mrs_01_1860__row1470213121177"><th align="left" class="cellrowborder" valign="top" width="22.45%" id="mcps1.3.5.3.3.2.1.2.3.1.1"><p id="mrs_01_1860__p670217121076">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="77.55%" id="mcps1.3.5.3.3.2.1.2.3.1.2"><p id="mrs_01_1860__p87021612578">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1860__row0702212776"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p107024123717">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p20703912179">Policy name, which can be customized and must be unique in the service.</p>
</td>
</tr>
<tr id="mrs_01_1860__row140121610516"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p1230110171513">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p10301131765115">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1860__b181911834181411">192.168.1.10</strong>,<strong id="mrs_01_1860__b1819215341144">192.168.1.20</strong>, or <strong id="mrs_01_1860__b11921834131413">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1860__row13855184111911"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p1770311427911">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p12703144211912">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1870313121875"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p67038121179">Hive Database</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1070312121374">Name of the Spark2x database to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1870310124719"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p5703212976">Hive Table</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p15703512375">Name of the Spark2x table to which the current policy applies.</p>
</td>
</tr>
<tr id="mrs_01_1860__row6703121211712"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p5703191217719">Description</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p37036121574">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1860__row1470315123717"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p1670319122072">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1670312128718">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1860__row12703912273"><td class="cellrowborder" valign="top" width="22.45%" headers="mcps1.3.5.3.3.2.1.2.3.1.1 "><p id="mrs_01_1860__p127039121176">Row Filter Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="77.55%" headers="mcps1.3.5.3.3.2.1.2.3.1.2 "><p id="mrs_01_1860__p1670316121671">In the <strong id="mrs_01_1860__b471711449245">Select Role</strong>, <strong id="mrs_01_1860__b1372394412417">Select Group</strong>, and <strong id="mrs_01_1860__b11724184419245">Select User</strong> columns, select the object to which the permission is to be granted, click <strong id="mrs_01_1860__b172454412241">Add Conditions</strong>, add the IP address range to which the policy applies, then click <strong id="mrs_01_1860__b27251644132412">Add Permissions</strong>, and select <strong id="mrs_01_1860__b187251744102410">select</strong>.</p>
<p id="mrs_01_1860__p270391213720">Click <strong id="mrs_01_1860__b65341543175412">Row Level Filter</strong> and enter data filtering rules.</p>
<p id="mrs_01_1860__p10682174391411">For example, if you want to filter the data in the <strong id="mrs_01_1860__b11237166195510">zhangsan</strong> row in the <strong id="mrs_01_1860__b1624215655515">name</strong> column of <strong id="mrs_01_1860__b5242761551">table A</strong>, the filtering rule is <strong id="mrs_01_1860__b424256145511">name &lt;&gt;'zhangsan'</strong>. For more information, see the official Ranger document.</p>
<p id="mrs_01_1860__p2070316121671">To add more rules, click <span><img id="mrs_01_1860__image11703141212710" src="en-us_image_0000001296090052.png"></span>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="mrs_01_1860__li2703212975"><span>Click <strong id="mrs_01_1860__b347816322555">Add</strong> to view the basic information about the policy in the policy list.</span></li><li id="mrs_01_1860__li6703181214713"><span>After you perform the <strong id="mrs_01_1860__b1878913395559">select</strong> operation on a table configured with a data masking policy on the Spark2x client, the system processes and displays the data.</span></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1849.html">Using Ranger (MRS 3.x)</a></div>
</div>
</div>
View Git Blame Copy Permalink