This is an automated email from the ASF dual-hosted git repository. kassiez pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/doris-website.git
The following commit(s) were added to refs/heads/master by this push:
     new 74aab06b4df [ranger]Different versions use different configuration files (#1677)
74aab06b4df is described below

commit 74aab06b4dfd0153ac6f1edf229f276f0f183497
Author: zhangdong <493738...@qq.com>
AuthorDate: Fri Jan 10 10:56:03 2025 +0800

    [ranger]Different versions use different configuration files (#1677)

    ## Versions
    - [x] dev
    - [x] 3.0
    - [x] 2.1
    - [ ] 2.0

    ## Languages
    - [x] Chinese
    - [x] English

    ## Docs Checklist
    - [ ] Checked by AI
    - [ ] Test Cases Built
---
 docs/admin-manual/auth/ranger.md | 42 ++++++++++++++++----
 .../current/admin-manual/auth/ranger.md | 42 ++++++++++++++++----
 .../version-2.1/admin-manual/auth/ranger.md | 2 +-
 .../version-3.0/admin-manual/auth/ranger.md | 44 +++++++++++++++++----
 static/images/ranger/catalog.png | Bin 0 -> 295337 bytes
 static/images/ranger/column.png | Bin 0 -> 317696 bytes
 static/images/ranger/database.png | Bin 0 -> 315959 bytes
 static/images/ranger/global.png | Bin 0 -> 301839 bytes
 static/images/ranger/group1.png | Bin 0 -> 305625 bytes
 static/images/ranger/resource.png | Bin 0 -> 312356 bytes
 static/images/ranger/table.png | Bin 0 -> 311527 bytes
 .../version-2.1/admin-manual/auth/ranger.md | 2 +-
 .../version-3.0/admin-manual/auth/ranger.md | 44 +++++++++++++++++----
 13 files changed, 144 insertions(+), 32 deletions(-)

diff --git a/docs/admin-manual/auth/ranger.md b/docs/admin-manual/auth/ranger.md index 0482cadea22..a35bbbc2bf8 100644 --- a/docs/admin-manual/auth/ranger.md +++ b/docs/admin-manual/auth/ranger.md
@@ -239,20 +239,48 @@ Afterwards, you can see the created service in the Apache Doris plug-in on the S ## Best Practices ### Configuring Permissions - 1. Create `user1` in Doris. 2. Using the `admin` user in Doris, create a Catalog named `hive`. 3. Create `user1` in Ranger. -4. Add a Policy in Ranger named `show_hive_catalog` -  +#### Global Priv +Equivalent to Doris' internal authorization statement `grant select_priv on *.*.* to user1`; +- The global option can be found in the dropdown menu of the same level in the catalog +- Only `*` can be entered in the input box + +  + +#### Catalog Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.*.* to user1`; + + + +#### Database Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.tpch.* to user1`; + + + +#### Table Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.tpch.user to user1`; + + + +#### Column Priv +Equivalent to Doris' internal authorization statement `grant select_priv(name,age) on hive.tpch.user to user1`; + + + +#### Resource Priv +Equivalent to Doris' internal authorization statement `grant usage_priv on resource 'resource1' to user1`; +- The resource option can be found in the dropdown menu of the same level in the catalog -5. Log in to Doris as `user1` and execute `show catalogs`; only the `hive` catalog should be visible. -6. Add a Policy in Ranger named `select_hive_catalog` + - !4ranger3](/images/ranger/ranger4.png) +#### Workload Group Priv +Equivalent to Doris' internal authorization statement `grant usage_priv on workload group 'group1' to user1`; +- The workload group option can be found in the dropdown menu of the same level in the catalog -7. Log in to Doris as `user1`. This user can now view or query all tables under any database starting with `tpch` in the `hive` catalog. + ### Row Policy Example 
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/ranger.md b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/ranger.md index 030c8aa035d..11dea70ab8a 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/ranger.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/ranger.md @@ -239,20 +239,48 @@ Config Properties 部分参数含义如下: ## 最佳实践 ### 配置权限 - 1. 在 Doris 中创建 `user1`。 2. 在 Doris 中,先使用 `admin` 用户创建一个 Catalog:`hive`。 3. 在 Ranger 中创建 `user1`。 -4. 在 Ranger 中添加一个 Policy:`show_hive_catalog` -  +#### 全局权限 +相当于 Doris 内部授权语句的 `grant select_priv on *.*.* to user1`; +- catalog 同级下拉框可以找到 global 选项 +- 输入框里只能输入 `*` + +  + +#### Catalog 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.*.* to user1`; + +  + +#### Database 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.tpch.* to user1`; + + + +#### Table 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.tpch.user to user1`; + + + +#### Column 权限 +相当于 Doris 内部授权语句的 `grant select_priv(name,age) on hive.tpch.user to user1`; + + + +#### Resource 权限 +相当于 Doris 内部授权语句的 `grant usage_priv on resource 'resource1' to user1`; +- catalog 同级下拉框可以找到 resource 选项 -5. 使用 `user1` 登录 Doris,执行 `show catalogs`,只能看到 `hive` catalog。 -6. 在 Ranger 中添加一个 Policy:`select_hive_catalog` + -  +#### Workload Group 权限 +相当于 Doris 内部授权语句的 `grant usage_priv on workload group 'group1' to user1`; +- catalog 同级下拉框可以找到 workload group 选项 -7. 使用 `user1` 登录 Doris。该用户可以查看或查询 `hive` catalog 下,所有以 `tpch` 开头的 database 下的所有表。 + ### Row Policy 示例 diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/ranger.md b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/ranger.md index dc7bfc6686f..dacdfec0e9e 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/ranger.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/ranger.md 
@@ -54,7 +54,7 @@ Apache Ranger 是一个用来在 Hadoop 平台上进行监控,启用服务, 3. 重启 Ranger 服务。 -4. 下载 [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-plugin/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) +4. 下载 [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-ranger-plugin-2.1/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) 5. 执行以下命令上传定义文件到 Ranger 服务: diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/ranger.md b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/ranger.md index 4ccfa638d01..b74a77cae78 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/ranger.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/ranger.md @@ -54,7 +54,7 @@ Apache Ranger 是一个用来在 Hadoop 平台上进行监控,启用服务, 3. 重启 Ranger 服务。 -4. 下载 [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-plugin/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) +4. 下载 [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-ranger-plugin-3.0/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) 5. 执行以下命令上传定义文件到 Ranger 服务: 
@@ -239,20 +239,48 @@ Config Properties 部分参数含义如下: ## 最佳实践 ### 配置权限 - 1. 在 Doris 中创建 `user1`。 2. 在 Doris 中,先使用 `admin` 用户创建一个 Catalog:`hive`。 3. 在 Ranger 中创建 `user1`。 -4. 在 Ranger 中添加一个 Policy:`show_hive_catalog` -  +#### 全局权限 +相当于 Doris 内部授权语句的 `grant select_priv on *.*.* to user1`; +- catalog 同级下拉框可以找到 global 选项 +- 输入框里只能输入 `*` + +  + +#### Catalog 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.*.* to user1`; + + + +#### Database 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.tpch.* to user1`; + + + +#### Table 权限 +相当于 Doris 内部授权语句的 `grant select_priv on hive.tpch.user to user1`; + + + +#### Column 权限 +相当于 Doris 内部授权语句的 `grant select_priv(name,age) on hive.tpch.user to user1`; + + + +#### Resource 权限 +相当于 Doris 内部授权语句的 `grant usage_priv on resource 'resource1' to user1`; +- catalog 同级下拉框可以找到 resource 选项 -5. 使用 `user1` 登录 Doris,执行 `show catalogs`,只能看到 `hive` catalog。 -6. 在 Ranger 中添加一个 Policy:`select_hive_catalog` + -  +#### Workload Group 权限 +相当于 Doris 内部授权语句的 `grant usage_priv on workload group 'group1' to user1`; +- catalog 同级下拉框可以找到 workload group 选项 -7. 使用 `user1` 登录 Doris。该用户可以查看或查询 `hive` catalog 下,所有以 `tpch` 开头的 database 下的所有表。 + ### Row Policy 示例 diff --git a/static/images/ranger/catalog.png b/static/images/ranger/catalog.png new file mode 100644 index 00000000000..d93a347c3b0 Binary files /dev/null and b/static/images/ranger/catalog.png differ diff --git a/static/images/ranger/column.png b/static/images/ranger/column.png new file mode 100644 index 00000000000..43df2add99c Binary files /dev/null and b/static/images/ranger/column.png differ diff --git a/static/images/ranger/database.png b/static/images/ranger/database.png new file mode 100644 index 00000000000..e8e7d8eb6a6 Binary files /dev/null and b/static/images/ranger/database.png differ diff --git a/static/images/ranger/global.png b/static/images/ranger/global.png new file mode 100644 index 00000000000..0e5808e15c2 Binary files /dev/null and b/static/images/ranger/global.png differ 
diff --git a/static/images/ranger/group1.png b/static/images/ranger/group1.png new file mode 100644 index 00000000000..3accdce9243 Binary files /dev/null and b/static/images/ranger/group1.png differ diff --git a/static/images/ranger/resource.png b/static/images/ranger/resource.png new file mode 100644 index 00000000000..7530f030785 Binary files /dev/null and b/static/images/ranger/resource.png differ diff --git a/static/images/ranger/table.png b/static/images/ranger/table.png new file mode 100644 index 00000000000..6998110726d Binary files /dev/null and b/static/images/ranger/table.png differ diff --git a/versioned_docs/version-2.1/admin-manual/auth/ranger.md b/versioned_docs/version-2.1/admin-manual/auth/ranger.md index 3950b615daa..7273f3d2d14 100644 --- a/versioned_docs/version-2.1/admin-manual/auth/ranger.md +++ b/versioned_docs/version-2.1/admin-manual/auth/ranger.md @@ -54,7 +54,7 @@ In version 2.1.0, Doris supports unified permission management by integrating Ap 3. Restart the Ranger service. -4. Download [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-plugin/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) +4. Download [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-ranger-plugin-2.1/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) 5. Execute the following command to upload the definition file to the Ranger service: diff --git a/versioned_docs/version-3.0/admin-manual/auth/ranger.md b/versioned_docs/version-3.0/admin-manual/auth/ranger.md index 3950b615daa..3a82e723b70 100644 --- a/versioned_docs/version-3.0/admin-manual/auth/ranger.md +++ b/versioned_docs/version-3.0/admin-manual/auth/ranger.md 
@@ -54,7 +54,7 @@ In version 2.1.0, Doris supports unified permission management by integrating Ap 3. Restart the Ranger service. -4. Download [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-plugin/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) +4. Download [ranger-servicedef-doris.json](https://github.com/morningman/ranger/blob/doris-ranger-plugin-3.0/agents-common/src/main/resources/service-defs/ranger-servicedef-doris.json) 5. Execute the following command to upload the definition file to the Ranger service: 
@@ -239,20 +239,48 @@ Afterwards, you can see the created service in the Apache Doris plug-in on the S ## Best Practices ### Configuring Permissions - 1. Create `user1` in Doris. 2. Using the `admin` user in Doris, create a Catalog named `hive`. 3. Create `user1` in Ranger. -4. Add a Policy in Ranger named `show_hive_catalog` -  +#### Global Priv +Equivalent to Doris' internal authorization statement `grant select_priv on *.*.* to user1`; +- The global option can be found in the dropdown menu of the same level in the catalog +- Only `*` can be entered in the input box + +  + +#### Catalog Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.*.* to user1`; + + + +#### Database Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.tpch.* to user1`; + + + +#### Table Priv +Equivalent to Doris' internal authorization statement `grant select_priv on hive.tpch.user to user1`; + + + +#### Column Priv +Equivalent to Doris' internal authorization statement `grant select_priv(name,age) on hive.tpch.user to user1`; + + + +#### Resource Priv +Equivalent to Doris' internal authorization statement `grant usage_priv on resource 'resource1' to user1`; +- The resource option can be found in the dropdown menu of the same level in the catalog -5. Log in to Doris as `user1` and execute `show catalogs`; only the `hive` catalog should be visible. -6. Add a Policy in Ranger named `select_hive_catalog` + -  +#### Workload Group Priv +Equivalent to Doris' internal authorization statement `grant usage_priv on workload group 'group1' to user1`; +- The workload group option can be found in the dropdown menu of the same level in the catalog -7. Log in to Doris as `user1`. This user can now view or query all tables under any database starting with `tpch` in the `hive` catalog. 
+ ### Row Policy Example --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org