Ranger: Bulk add new user for NiFi Nodes

Nur Kholis M.Nur Kholis M.
1 min read

Issue

  • You need to add many NiFi nodes to be able to grant privileges on NiFi/NiFi Registry Services.

  • Adding manually one-by-one in Ranger UI will take a lot of time.

Resolution

Use Ranger REST API.

Add user

Create file ranger-add-user.sh with following lines:

$ cat ranger-add-user.sh
#!/usr/bin/env bash
username=$1
if [ "${username}" == "" ]; then
        echo "$0 username"
        exit 2
fi

RANGER_USER="admin"
RANGER_PASSWD="admin"
RANGER_URL="https://ranger.example.com:6182"

# Create new user
curl -i -u ${RANGER_USER}:${RANGER_PASSWD} \
        -H "Accept: application/json" \
        -H "Content-Type: application/json" \
        -d "{
              \"name\": \"${username}\",
              \"firstName\": \"${username}\",
              \"password\": \"Passwd12345\",
              \"status\": 1,
              \"userRoleList\": [\"ROLE_USER\"]
            }" \
        -X POST ${RANGER_URL}/service/xusers/secure/users

Replace $RANGER_USER, $RANGER_PASSWD and $RANGER_URL with the appropriate values for your environment. You can also customize parameters in json payload. For example if you want user as Admin, then change userRoleList to ROLE_SYS_ADMIN.

Then try to add new user by supply username to script above. Here is output if command is succeed

$ ./ranger-add-user.sh node02.example.com
{"id":281,"createDate":"2023-08-31T02:59:17Z","updateDate":"2023-08-31T02:59:17Z","owner":"Admin","updatedBy":"Admin","name":"node02.example.com","firstName":"node02.example.com","password":"*****","description":"node02.example.com","groupNameList":[],"status":1,"isVisible":1,"userSource":0,"userRoleList":["ROLE_USER"]}

Repeat for other user. Check on RangerUI if new user is created.

All script is on this repo: https://github.com/kholis/ranger-api-example

References

[1] https://ranger.apache.org/apidocs/index.html
[2] https://medium.com/@suraj.singh_71408/creating-apache-ranger-users-made-easy-with-rest-api-a-step-by-step-guide-c400724dbd75
[3] https://community.cloudera.com/t5/Support-Questions/REST-API-URL-to-change-the-user-role-in-Ranger/td-p/134371
[4] https://www.mail-archive.com/user@ranger.incubator.apache.org/msg01067.html

0
Subscribe to my newsletter

Read articles from Nur Kholis M. directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Cloudera#ranger

Written by

Nur Kholis M.
Nur Kholis M.