Set up an Apache Ranger connector

C1 provides identity governance for Apache Ranger. Integrate your Apache Ranger instance with C1 for unified visibility and governance over identities, policies, and access grants managed by Ranger Admin.

Capabilities

Resource	Sync	Provision
Users
Groups
Roles
Access roles
Module permissions
Security zones
Tags
Policies
Policy access grants

The connector reads users, groups, roles, system access roles, admin module permissions, security zones, tags, and policies from the Ranger Admin REST API. Each policy is synced with one entitlement per access type it grants (for example select or read), covering allow, deny, allow/deny exception, data mask, and row filter items, plus a delegate-admin entitlement. Grants resolve the users, groups, and roles referenced in those policy items. This connector targets Apache Ranger 2.x. It is read-only and does not provision or modify access in Apache Ranger.

Gather Apache Ranger credentials

You need an Apache Ranger account with administrator access to the Ranger Admin service so the connector can read users, groups, roles, policies, and security zones. An account without admin access may return only a partial view of your directory.

Sign in to the Apache Ranger Admin UI. By default it runs on port 6080, for example https://ranger.example.com:6080. Note this base URL — you enter it when configuring the connector.

Use an account with administrator access. On a default installation this is the admin user whose password was set during installation. Confirm the account can view Settings > Users/Groups/Roles and policy objects in the Admin UI.

Have the username and password for that account ready. The connector authenticates to the Ranger Admin REST API with these credentials.

Configure the Apache Ranger connector

Cloud-hosted
Self-hosted

Follow these instructions to use a built-in, no-code connector hosted by C1.

In C1, navigate to Integrations > Connectors and click Add connector.

Search for Apache Ranger and click Add.

Choose how to set up the new Apache Ranger connector.

Set the owner for this connector.

Click Next.

Find the Settings area of the page and click Edit.

Enter the Apache Ranger credentials:

Base URL: Your Apache Ranger Admin server URL, for example https://ranger.example.com:6080.
Username: The administrator username for Ranger Admin.
Password: The password for that account.

Click Save.

The connector’s label changes to Syncing, followed by Connected. You can view the logs to ensure that information is syncing.

Done. Your Apache Ranger connector is now pulling access data into C1.

Follow these instructions to run the Apache Ranger connector in your own environment.

Create secrets for the Apache Ranger Admin credentials.

Configure the connector environment variables:

BATON_BASE_URL: Your Apache Ranger Admin server URL, for example https://ranger.example.com:6080.
BATON_USERNAME: The administrator username for Ranger Admin.
BATON_PASSWORD: The password for that account.

Deploy the connector using your standard self-hosted connector process.

Done. Your Apache Ranger connector is now pulling access data into C1.

Connector configuration reference

Setting	Environment variable	Required	Description
Base URL	`BATON_BASE_URL`	Yes	The base URL of the Apache Ranger Admin API, for example `https://ranger.example.com:6080`.
Username	`BATON_USERNAME`	Yes	Username used to authenticate with Ranger Admin.
Password	`BATON_PASSWORD`	Yes	Password for the authenticating user. Stored as a secret.

Set up an Amazon EKS connector

Set up a Arctic Wolf connector

⌘I

​Capabilities

​Gather Apache Ranger credentials

​Configure the Apache Ranger connector

​Connector configuration reference

Capabilities

Gather Apache Ranger credentials

Configure the Apache Ranger connector

Connector configuration reference