鑑權方法的定義一定會體現出權限模型的三要素:用戶,資源,權限
如果方法返回類型是void的,則插件通過拋異常來通知組件鑑權失敗。
如果方法返回類型是boolean的,則插件通過返回false來通知組件鑑權失敗。
下表列出了Ranger插件對所有支持的系統的擴展接口:
Service | Extensible Interface | Ranger Implement Class |
HDFS | org.apache.hadoop.hdfs.server.namenode.INodeAttributeProvider | org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer |
HBase | org.apache.hadoop.hbase.protobuf.generated.AccessControlProtos.AccessControlService.Interface | org.apache.ranger.authorization.hbase.RangerAuthorizationCoprocessor |
Hive | org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthorizerFactory | org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizerFactory |
Sqoop | org.apache.sqoop.security.AuthorizationValidator | org.apache.ranger.authorization.sqoop.authorizer.RangerSqoopAuthorizer |
Storm | org.apache.storm.security.auth.IAuthorizer | org.apache.ranger.authorization.storm.authorizer.RangerStormAuthorizer |
Solr | org.apache.solr.security.AuthorizationPlugin | org.apache.ranger.authorization.solr.authorizer.RangerSolrAuthorizer |
Kafka | kafka.security.auth.Authorizer | org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer |
Knox | org.apache.knox.gateway.deploy.ProviderDeploymentContributorBase | org.apache.ranger.authorization.knox.deploy.RangerPDPKnoxDeploymentContributor |
Kylin | org.apache.kylin.rest.security.ExternalAclProvider | org.apache.ranger.authorization.kylin.authorizer.RangerKylinAuthorizer |
YARN | org.apache.hadoop.yarn.security.YarnAuthorizationProvider | org.apache.ranger.authorization.yarn.authorizer.RangerYarnAuthorizer |
Atlas | org.apache.atlas.authorize.AtlasAuthorizer | org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer |
Nifi | NA | NA |