forked from docs/doc-exports
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="mrs_01_1863"></a><a name="mrs_01_1863"></a>
<h1 class="topictitle1">Adding a Ranger Access Permission Policy for Storm</h1>
<div id="body1595917979464"><div class="section" id="mrs_01_1863__section1773015413812"><h4 class="sectiontitle">Scenario</h4><p id="mrs_01_1863__p145912965417">The <span id="mrs_01_1863__ph1389213457234">Ranger</span><span id="mrs_01_1863__ph733184682310"> </span>administrator can use Ranger to set permissions for Storm users.</p>
</div>
<div class="section" id="mrs_01_1863__section11493172153315"><h4 class="sectiontitle">Prerequisites</h4><ul id="mrs_01_1863__ul5357197143515"><li id="mrs_01_1863__li735717193519">The Ranger service has been installed and is running properly.</li><li id="mrs_01_1863__li19563173342811">You have created users, user groups, or roles for which you want to configure permissions.</li><li id="mrs_01_1863__li2938102915211">The Ranger authentication function has been enabled on the page. The option in the following figure controls whether to enable the Ranger plug-in for permission control. If the function is enabled, the Ranger authentication is used. Otherwise, the authentication mechanism of the component is used.</li></ul>
</div>
<div class="section" id="mrs_01_1863__section1634517215474"><h4 class="sectiontitle">Procedure</h4><ol id="mrs_01_1863__ol1374718171013"><li id="mrs_01_1863__li181773582294"><span>Log in to the Ranger web UI. Click <strong id="mrs_01_1863__b16232182211594">Storm</strong> in the <strong id="mrs_01_1863__b16233132295917">STORM</strong> area on the homepage.</span></li><li id="mrs_01_1863__li62151559132918"><span>Click <strong id="mrs_01_1863__b5588184175916">Add New Policy</strong> to add a Storm permission control policy.</span></li><li id="mrs_01_1863__li2838111393019"><span>Configure the parameters listed in the table below based on your service requirements.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="mrs_01_1863__table13041634123020" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Storm permission parameters</caption><thead align="left"><tr id="mrs_01_1863__row33045341301"><th align="left" class="cellrowborder" valign="top" width="37.13%" id="mcps1.3.3.2.3.2.1.2.3.1.1"><p id="mrs_01_1863__p250385903017">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="62.870000000000005%" id="mcps1.3.3.2.3.2.1.2.3.1.2"><p id="mrs_01_1863__p1750345915308">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="mrs_01_1863__row15796155031815"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p4307132571818">Policy Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p16307172521816">IP address filtering policy, which can be customized. You can enter one or more IP addresses or IP address segments. The IP address can contain the wildcard character (*), for example, <strong id="mrs_01_1863__b157561051101815">192.168.1.10</strong>,<strong id="mrs_01_1863__b14756135112181">192.168.1.20</strong>, or <strong id="mrs_01_1863__b1975685141810">192.168.1.*</strong>.</p>
</td>
</tr>
<tr id="mrs_01_1863__row1586512681819"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p1209133121812">Policy Name</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p29541331185710">Policy name, which can be customized and must be unique in the service.</p>
<p id="mrs_01_1863__p486512651811">The <span class="parmname" id="mrs_01_1863__parmname540281464010"><b>include</b></span> policy applies to the current input object, and the <span class="parmname" id="mrs_01_1863__parmname15403151454013"><b>exclude</b></span> policy applies to objects other than the current input object.</p>
</td>
</tr>
<tr id="mrs_01_1863__row0865146151817"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p14865186101818">Policy Label</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p38659618181">A label specified for the current policy. You can search for reports and filter policies based on labels.</p>
</td>
</tr>
<tr id="mrs_01_1863__row58654614189"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p128651065188">Storm Topology</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p1186517617184">Name of the topology to which the current policy applies. One or more values can be entered.</p>
</td>
</tr>
<tr id="mrs_01_1863__row148652691810"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p9568144293217">Description</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p98652631813">Policy description.</p>
</td>
</tr>
<tr id="mrs_01_1863__row330483473019"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p1761012195481">Audit Logging</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p106091219104812">Whether to audit the policy.</p>
</td>
</tr>
<tr id="mrs_01_1863__row10304163418303"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p360801934815">Allow Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p18991137164717">Conditions under which the policy allows access. You can configure the permissions that the policy allows and the exceptions to them.</p>
<p id="mrs_01_1863__p1819113143111">In the <strong id="mrs_01_1863__b175153552184">Select Role</strong>, <strong id="mrs_01_1863__b9519175561813">Select Group</strong>, and <strong id="mrs_01_1863__b185196553188">Select User</strong> columns, select the role, user group, or user to which the permission is to be granted, click <strong id="mrs_01_1863__b17520955181820">Add Conditions</strong>, add the IP address range to which the policy applies, and click <strong id="mrs_01_1863__b252075511188">Add Permissions</strong> to add the corresponding permissions.</p>
<ul id="mrs_01_1863__ul183931610151418"><li id="mrs_01_1863__li2039341013144"><strong id="mrs_01_1863__b618713331215">Submit Topology</strong>: Submit a topology.<div class="note" id="mrs_01_1863__note0621817182"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="mrs_01_1863__p957913214189">The Submit Topology permission takes effect only when <strong id="mrs_01_1863__b031625111212">Storm Topology</strong> is set to <strong id="mrs_01_1863__b232210516215">*</strong>.</p>
</div></div>
</li><li id="mrs_01_1863__li198521174329"><strong id="mrs_01_1863__b1109128121211">File Upload</strong>: Upload a file.</li><li id="mrs_01_1863__li1989492010329"><strong id="mrs_01_1863__b182831611151213">File Download</strong>: Download a file.</li><li id="mrs_01_1863__li97666281328"><strong id="mrs_01_1863__b89138133120">Kill Topology</strong>: Delete a topology.</li><li id="mrs_01_1863__li4492203363214"><strong id="mrs_01_1863__b1955911701219">Rebalance</strong>: Perform the rebalance operation.</li><li id="mrs_01_1863__li1868163813324"><strong id="mrs_01_1863__b108236206126">Activate</strong>: Activate the topology permission.</li><li id="mrs_01_1863__li1586994283213"><strong id="mrs_01_1863__b3877182351218">Deactivate</strong>: Deactivate the topology permission.</li><li id="mrs_01_1863__li496454815324"><strong id="mrs_01_1863__b7361128141213">Get Topology Conf</strong>: Obtain topology configurations.</li><li id="mrs_01_1863__li137926520324"><strong id="mrs_01_1863__b106289314127">Get Topology</strong>: Obtain a topology.</li><li id="mrs_01_1863__li119826557321"><strong id="mrs_01_1863__b974973511219">Get User Topology</strong>: Obtain a user's topology.</li><li id="mrs_01_1863__li197901031332"><strong id="mrs_01_1863__b2898038161212">Get Topology Info</strong>: Obtain topology information.</li><li id="mrs_01_1863__li8172214113310"><strong id="mrs_01_1863__b1137004218129">Upload New Credential</strong>: Upload a new credential.</li><li id="mrs_01_1863__li1247541184312"><strong id="mrs_01_1863__b17701019102312">Select/Deselect All</strong>: Select or deselect all.</li></ul>
<p id="mrs_01_1863__p239612133812">To add multiple permission control rules, click <span><img id="mrs_01_1863__image839151219386" src="en-us_image_0000001348770097.png"></span>.</p>
<p id="mrs_01_1863__p63931214386">If users or user groups in the current condition need to manage this policy, select <strong id="mrs_01_1863__b11241245137">Delegate Admin</strong>. These users will become the agent administrators. The agent administrators can update and delete this policy and create sub-policies based on the original policy.</p>
</td>
</tr>
<tr id="mrs_01_1863__row130463413301"><td class="cellrowborder" valign="top" width="37.13%" headers="mcps1.3.3.2.3.2.1.2.3.1.1 "><p id="mrs_01_1863__p1360515199489">Deny Conditions</p>
</td>
<td class="cellrowborder" valign="top" width="62.870000000000005%" headers="mcps1.3.3.2.3.2.1.2.3.1.2 "><p id="mrs_01_1863__p1799337194719">Conditions under which the policy denies access. Use them to configure the permissions that the policy denies and the exceptions to them. The configuration method is similar to that of <strong id="mrs_01_1863__b33071856435">Allow Conditions</strong>.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="mrs_01_1863__li1171204215226"><span>(Optional) Add the validity period of the policy. Click <strong id="mrs_01_1863__b15286139418">Add Validity period</strong> in the upper right corner of the page, set <strong id="mrs_01_1863__b20292531640">Start Time</strong> and <strong id="mrs_01_1863__b62931531147">End Time</strong>, and select <strong id="mrs_01_1863__b02941031441">Time Zone</strong>. Click <strong id="mrs_01_1863__b11108192014410">Save</strong>. To add multiple policy validity periods, click <span><img id="mrs_01_1863__en-us_topic_0241932507_image15741956174617" src="en-us_image_0000001349289377.png"></span>. To delete a policy validity period, click <span><img id="mrs_01_1863__en-us_topic_0241932507_image9741115619467" src="en-us_image_0000001349169805.png"></span>.</span></li><li id="mrs_01_1863__li1418573910418"><span>Click <strong id="mrs_01_1863__b2191172010420">Add</strong> to view the basic information about the policy in the policy list. After the policy takes effect, verify that the related permissions work as expected.</span><p><p id="mrs_01_1863__en-us_topic_0241932507_p63219632216">To disable a policy, click <span><img id="mrs_01_1863__en-us_topic_0241932507_image1876104732217" src="en-us_image_0000001295770280.png"></span> to edit the policy and set the policy to <strong id="mrs_01_1863__b4745022114419">Disabled</strong>.</p>
<p id="mrs_01_1863__en-us_topic_0241932507_p1156483182316">If a policy is no longer used, click <span><img id="mrs_01_1863__en-us_topic_0241932507_image79841567249" src="en-us_image_0000001349169809.png"></span> to delete it.</p>
</p></li></ol>
</div>
</div>
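<p>A policy built with the procedure above can be reviewed offline once it is available as JSON. The following Python sketch is an added example, not part of the original MRS documentation: it assumes the policy uses upstream Apache Ranger's policy JSON layout (the field names, the <code>ip-range</code> condition type and access types such as <code>submitTopology</code> are assumptions to check against your Ranger version), and the sample policy is constructed. It flags the cases Table 1 calls out: Submit Topology on a non-wildcard topology, Delegate Admin, disabled Audit Logging, and grants without an IP condition.</p>

```python
# Added example: review a Ranger Storm policy dict against the notes in Table 1.
# Field and access-type names are assumed from upstream Apache Ranger's policy JSON.
SAMPLE_POLICY = {  # constructed sample, not taken from a real cluster
    "name": "storm-wordcount-ops",
    "isAuditEnabled": False,
    "resources": {"topology": {"values": ["wordcount"], "isExcludes": False}},
    "policyItems": [{
        "users": ["alice"], "groups": ["stormops"], "roles": [],
        "accesses": [{"type": "submitTopology", "isAllowed": True},
                     {"type": "killTopology", "isAllowed": True}],
        "conditions": [{"type": "ip-range", "values": ["192.168.1.*"]}],
        "delegateAdmin": True,
    }, {
        "users": ["bob"], "groups": [], "roles": [],
        "accesses": [{"type": "getTopologyInfo", "isAllowed": True}],
        "conditions": [],
        "delegateAdmin": False,
    }],
}

def ip_matches(pattern, client_ip):
    """Exact address, or a trailing-octet wildcard such as 192.168.1.* (page syntax)."""
    if pattern.endswith(".*"):
        return client_ip.startswith(pattern[:-1])  # keep the dot: 192.168.1. != 192.168.10.
    return pattern == "*" or pattern == client_ip

def review_policy(policy):
    """Return human-readable findings for one policy dict."""
    findings = []
    topo = policy.get("resources", {}).get("topology", {})
    all_topologies = "*" in topo.get("values", []) and not topo.get("isExcludes", False)
    if not policy.get("isAuditEnabled", False):
        findings.append("policy: Audit Logging is off")
    for item in policy.get("policyItems", []):
        who = ",".join(item.get("users", []) + item.get("groups", []) + item.get("roles", []))
        granted = {a["type"] for a in item.get("accesses", []) if a.get("isAllowed")}
        ips = [v for c in item.get("conditions", []) for v in c.get("values", [])]
        if "submitTopology" in granted and not all_topologies:
            findings.append(f"{who}: Submit Topology is inert unless Storm Topology is *")
        if item.get("delegateAdmin"):
            findings.append(f"{who}: Delegate Admin allows editing and deleting this policy")
        if not ips or "*" in ips:
            findings.append(f"{who}: no IP restriction on this grant")
    return findings

if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY):
        print(finding)
```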
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1849.html">Using Ranger (MRS 3.x)</a></div>
</div>
</div>