Privacera Documentation

Apache Ranger API on PrivaceraCloud

Each PrivaceraCloud account uses an internal Apache Ranger process to assist with the access control functions. This Apache Ranger process can be accessed directly via its REST API.

The Apache Ranger API is standardized and open source. For the full Ranger API specification, see Apache Ranger API and Apache Ranger Interactive Swagger Ranger API definition.

PrivaceraCloud allows full use of the Ranger API, but does not allow its own registration as the Apache Ranger plugin to be modified, removed, or overwritten. The following methods are disallowed and return HTTP status 403 (Access Forbidden):

  • POST <RangerAdminURL>/service/plugins/definitions

  • PUT <RangerAdminURL>/service/plugins/definitions

  • DELETE <RangerAdminURL>/service/plugins/definitions

  • GET <RangerAdminURL>/xaudit/access_audit

  • GET <RangerAdminURL>/service/assets/accessAudit

  • GET <RangerAdminURL>/service/metrics/prometheus

Apache Ranger API

Details about the Apache Ranger API are on the Apache Ranger official site.

Use only public/ REST API endpoints

Apache Ranger's REST API includes both public and private API endpoints. Private endpoints are used internally and are not intended for public use.

Note

Be sure to work only with endpoints whose paths include public/ and that are documented in Ranger's Public API section.

PrivaceraCloud Apache Ranger API Access

Establish access credentials for Basic Auth authentication.

Create an Admin Data Access User API Service Account

The best practice is to create at least one Ranger API data access service account:

  1. Open Access Manager > Users/Groups/Roles, and create a user.

  2. Set the Role to Admin. Record the password.

Generate a Ranger Admin API URL

Perform the following steps to generate the Ranger Admin API URL:

  1. In the PrivaceraCloud portal, go to Settings > API Keys. Click GENERATE API KEY.

  2. In the Generate Api Key dialog, define the purpose as "REST API Access" or similar and select the Never Expires checkbox.

  3. Click GENERATE API KEY to proceed with the next dialog.

  4. In the second Generate Api Key dialog, under Ranger Admin URL, click COPY URL, then close the dialog.

    Note

    DO NOT use the Ranger Audit URL to get audits from PrivaceraCloud. The Ranger Audit URL is required to send audits from plugins into PrivaceraCloud.

    If you need to download bulk audits regularly from PrivaceraCloud, see Configure Audit Access Settings on PrivaceraCloud.

Figure 9. Generate API key using Ranger Admin URL


The API Keys page displays the added API Key.

Test and Confirm Access

The Ranger Admin URL will look similar to:

https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01

A full Ranger API service URL has the form "<RangerAdminURL>/service/<Ranger API Resource Path>".

Example

Using curl and the Ranger API "/plugins/services" method to confirm access, the full curl command is:

curl -u RangerAPI-Auth:ranger1234# https://api.privaceracloud.com/api/13afxxxxxx6b981fxxxxxx2dc7cdd7xxxxxxa921636xxxxxx2d189d425b5f01/service/public/v2/api/service/

A typical response would be as follows:

[
    {
        "id": 1,
        "guid": "64316aca-b77c-4a69-adee-79c35ba5187a",
        "isEnabled": true,
        "createdBy": "Admin",
        "updatedBy": "Admin",
        "createTime": 1662554708000,
        "updateTime": 1688369299000,
        "version": 9,
        "type": "hive",
        "name": "privacera_hive",
        "displayName": "privacera_hive",
        "description": "Hive repo",
        "tagService": "privacera_tag",
        "configs": {
            "password": "*****",
            "service.admin.users": "sally",
            "ranger.plugin.audit.filters": "[]",
            "jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver",
            "jdbc.url": "jdbc:hive2://localhost:10000",
            "username": "hive"
        },
        "policyVersion": 322,
        "policyUpdateTime": 1690539804000,
        "tagVersion": 7,
        "tagUpdateTime": 1678783956000
    },
    {
        "id": 2,
        "guid": "f7c6a531-1d87-46af-8f89-3b61d7aa836f",
        "isEnabled": true,
        "createdBy": "Admin",
        "updatedBy": "Admin",
        "createTime": 1663052998000,
        "updateTime": 1686658529000,
        "version": 4,
        "type": "s3",
        "name": "privacera_s3",
        "displayName": "privacera_s3",
        "description": "S3 repo",
        "configs": {
            "ranger.plugin.audit.filters": "[]",
            "username": "s3"
        },
        "policyVersion": 12,
        "policyUpdateTime": 1686658564000,
        "tagVersion": 1,
        "tagUpdateTime": 1663052998000
    }
]
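
The following is an added example, not code from Privacera or Apache Ranger. It applies this page's rules before a request is sent: it refuses the method and path pairs listed above as returning 403, refuses paths outside public/, and builds the Basic Auth request for the Ranger Admin URL. The function names and the RANGER_ADMIN_URL, RANGER_USER and RANGER_PASS environment variables are assumptions of this example.

```python
import base64
import os
import urllib.request

# (HTTP method, path under <RangerAdminURL>) pairs this page lists as returning 403.
BLOCKED = {
    ("POST", "service/plugins/definitions"),
    ("PUT", "service/plugins/definitions"),
    ("DELETE", "service/plugins/definitions"),
    ("GET", "xaudit/access_audit"),
    ("GET", "service/assets/accessAudit"),
    ("GET", "service/metrics/prometheus"),
}

def classify(method, path):
    """Return 'blocked', 'private' or 'public' for a call to <RangerAdminURL>/<path>."""
    method, path = method.upper(), path.strip("/")
    if (method, path) in BLOCKED:
        return "blocked"
    # Assumption: the "paths include public/" rule is applied as a prefix check,
    # and ".." segments are rejected so the prefix cannot be walked out of.
    if not path.startswith("service/public/") or ".." in path.split("/"):
        return "private"
    return "public"

def build_request(admin_url, method, path, user, password):
    """Build a Basic Auth request, refusing blocked or non-public endpoints."""
    verdict = classify(method, path)
    if verdict != "public":
        raise ValueError(f"{method} {path}: {verdict} endpoint, request not built")
    if not admin_url.startswith("https://"):
        raise ValueError("Ranger Admin URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    url = f"{admin_url.rstrip('/')}/{path.lstrip('/')}"
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    return urllib.request.Request(url, method=method.upper(), headers=headers)

if __name__ == "__main__":
    # Credentials come from the environment (assumed names), not the command line.
    req = build_request(os.environ["RANGER_ADMIN_URL"], "GET",
                        "service/public/v2/api/service/",
                        os.environ["RANGER_USER"], os.environ["RANGER_PASS"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        print(resp.status, len(resp.read()), "bytes")
```
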

For more details, see Apache Ranger API List and Ranger API Documentation.