The integration of Ranger and Atlas is a fundamental shift in how to provision access to assets within the Hadoop ecosystem. It allows for those who understand the content and classification of data to assign proper permissions based on data-specific attributes, rather than the current model of location- and user-based model. Furthermore, it provides a clear separation of duties and ensures the responsibility of maintaining data access security remains with the most appropriate teams: i.e. those who know the data best.
Moreover, data classification changes in Atlas trigger a change in Ranger policies to the appropriate authorization rules. It provides an agile approach to authorization. It further reduces the workload and stress on operational teams allowing for faster and accurate delivery.
With the ongoing evolution and maturation of the Hadoop ecosystem’s tools and services, data-driven authorization will scale in parallel. Essentially, it simplifies the number of policies defined across multiple services into a single policy per tag (data classification) that spans services. It takes careful planning and architecture to unlock these features in Atlas and Ranger.
The presentation will be a tutorial on how to:
• Structure user groups
• Add custom fields, entities, and tags to Atlas
• Inherit and chain Atlas entities and tags
• Configure Ranger to sync Atlas tags and assign permissions based on those tags
• Assign conditional permissions based on Atlas tags’ properties
• Integrate Atlas into your ingestion framework to auto assign metadata to your data
• A full run through of creating an entity, adding custom fields, adding tags, and configuring policies in Ranger to utilize the tag
The tutorial will also highlight key features in Atlas and different integration points within the Hadoop ecosystem. At the end of the tutorial, attendees should gain functional knowledge on how to authorize assets based on their metadata.