YARN plugin

Enable plugin

To enable the Ranger YARN plugin, follow the steps below:

  1. Go to the CLUSTERS → <your_ADH_cluster> → Services page.

  2. Click green arrow at YARN and select the Manage Ranger Plugin action.

  3. Select the required state in checkbox (enabled or disabled).

    adh manage ranger plugin
    Plugin state
  4. If you choose the enabled state, then a default policy will be applied to the Ranger for the YARN plugin.

  5. Click Run.

Add a new policy to a service

To add a new policy to an existing YARN service, you should perform the following actions:

  1. In the Service Manager window, click an existing service in the YARN tab.

    ranger admin policy yarn
    Service Manager
    ranger admin policy yarn is dark
    Service Manager
  2. In the YARN_existing_service window, click add new policy to add the new policy.

    ranger admin addnewpol
    ranger admin addnewpol is dark
  3. On the Service Manager → <YARN_existing_service> → Create Policy page, fill in the required fields.

    In the Policy Details section:

    • Policy Name — a policy name. This name can’t be duplicated across the system. This field is required.

      • Click enable to enable policy name.

      • Click override to override the existing policy name.

    • Policy Label — provides the following features:

      • Allows to group the sets of policies with one or more labels.

      • Allows searching for policies by label names. You can use search on the Policy listing page and on the Report page.

      • Helps to export/import policies. If a user has to export some specific set of policies, then they can search for a policy label and export the specific set of policies.

    • Queue — the fundamental unit of scheduling in YARN.

      • Recursive — you can indicate whether all files or folders within the existing folder should be affected by the policy. Can be used instead of wildcard characters.

    • Description — describe the purpose of the policy. This field is optional.

    • Audit Logging — click YES to enable audit for the policy.

    In the Allow Conditions section:

    • Select Role — specify the role to which this policy applies. A role is a collection of permissions. Roles present an easier way to manage a set of permissions based on specific access criteria.

    • Select Group — specify the groups to which this policy applies. To promote the user to Administrator, select the Delegate Admin checkbox. Administrators can edit or delete the policy and create child policies. The public group contains all users, so granting access to the public group grants access to all users.

    • Select User — specify a user to which this policy applies (outside an already-specified group) or make the user an Administrator for this policy. Administrators can create child policies based on existing policies.

    • Permissions — add or edit permissions.

    • Delegate Admin — use to grant administrator privileges to the users or groups specified in the policy.

    Click ranger grey plus to add additional conditions. Conditions take priority in the order listed in the policy. The condition at the top of the list is applied first, then the second, then the third, and so on.

  4. Click Add.

Found a mistake? Seleсt text and press Ctrl+Enter to report it