Skip to main content

Privacera Platform

Provide user access to Ranger KMS


To provide user access to the keys needed for encryption, you must create a policy in Apache Ranger KMS. To do so, follow these steps:

  1. Log in to the Ranger portal and select Access Manager > Resource Based Policies.

  2. In the KMS section, click privacera_kms.

  3. In the List of Policies: privacera_kms section, click Add New Policy.

  4. In the Create Policy screen, enter the following information to create a policy and provide access to the user:

    • Policy Name: Enter the access policy name.

    • Policy Label: Enter a label name (optional).

    • Key Name: Type a character to list the existing key names that are already generated in Ranger.

    • Description: Enter a description for the policy.

    • Audit Logging: Toggle Yes or No.

  5. In the Allow Conditions section, select the following:

    • Select Role: Enter or select from existing roles.

    • Select Group: Enter or select from existing group.

    • Select User: This is the username that will be used in the encryption API - select or enter a new user name.

    • Add Permissions: Select user permissions - Create, Delete, Rollover, Set Key Material, Get, Get Keys, Get Metadata, Generate EEK, Decrypt EEK, Select/Deselect All.

    • Delegate Admin: If this user is delegate as the admin.

  6. Similarly, for specific users, you can select users to Exclude from Allow Conditions, Deny Conditions, Exclude from Deny Conditions.

  7. Click Add to save the policy.

Provide user access for Encryption Service

To set user access for the Encryption Service in the Apache Ranger KMS, follow these steps:

  1. Log in to the Ranger portal.

  2. In the Access Manager tab, select privacera_kms policy.

  3. Click the edit button next to the all - key policy.

  4. In the Allow Conditions section, search and select privacera_service_discovery user from the Select User dropdown menu.