All Products
Search
Document Center

E-MapReduce:Ranger

Last Updated:Apr 25, 2025

Apache Ranger is a security framework that implements fine-grained access control across Hadoop components, such as Hadoop Distributed File System (HDFS), Hive, and YARN, in a centralized manner. You can manage permissions on the components in the web UI of Ranger.

Components of Ranger

Ranger consists of three modules:
  • Ranger Admin

    You can use Ranger Admin to create and update access policies. The policies are stored in a database. The plug-ins for Hadoop components poll the access policies on a regular basis.

  • Ranger Plug-ins

    The plug-ins for Hadoop components are embedded in cluster processes as lightweight Java programs. For example, the Hive plug-in is embedded in the Hiveserver2 process. The plug-ins obtain policies from Ranger Admin and store the policies in local files. When Ranger receives a request from a user of a Hadoop component, the plug-in for the component obtains the request, and then evaluates the request based on the access policies.

  • Ranger UserSync

    UserSync is a user information synchronization tool. It is used to fetch user and user group information from the UNIX system or an LDAP server. The information is stored in the database of Ranger Admin and is used to define policies.

Access the web UI of Ranger

  1. Add port 8443. For more information about how to add a port, see Add a security group rule.

  2. Go to the Access Links and Ports tab.

    1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.

    2. In the top navigation bar, select the region where your cluster resides and select a resource group based on your business requirements.

    3. On the EMR on ECS page, find the desired cluster and click the name of the cluster.

    4. On the page that appears, click the Access Links and Ports tab.

  3. On the Access Links and Ports tab, find the Ranger service and click the desired link.

  4. On the logon page of Ranger, enter a username and password.

    • Data lake scenario (DataLake clusters)

      • EMR V3.44.0 or a later minor version and EMR V5.10.0 or a later minor version

        The default username is admin, and the default password is Admin1234.

      • A minor version earlier than EMR V3.44.0 or a minor version earlier than EMR V5.10.0

        The default username is admin, and the default password is admin1234.

    • Old data lake scenario (Hadoop clusters)

      The default username and password are admin.

    If you forget the default password, resolve the issue by referring to FAQ.

  5. Reset the password upon your first logon and record the password.

    1. Click Settings in the top navigation bar.

    2. Change the password of the admin user.

    3. In the upper-right corner, choose admin > Log Out.

      After the password is reset, you can use the new password to log on to the web UI of Ranger.

FAQ

How do I make the permission control feature of Ranger work as expected after I change the password of the administrator on the web UI of Ranger?

If you change the password of the administrator of a cluster of EMR V3.53.0 or a later minor version or a cluster of EMR V 5.19.0 or a later minor version on the web UI of Ranger, you must perform the following operations to modify the ranger.admin.password configuration item on the Configure tab of the Ranger service page. Otherwise, the permission control feature of Ranger may not work as expected.

  1. Log on to the EMR console. In the left-side navigation pane, click EMR on ECS.

  2. Go to the Configure tab of the Ranger service page.

    1. On the EMR on ECS page, find the desired cluster and click Services in the Actions column.

    2. On the Services tab, find Ranger and click Configure.

  3. On the Configure tab, search for the ranger.admin.password configuration item and change the value to the password that you specified on the web UI of Ranger.

  4. Save the modification and follow the on-screen instructions to make the modification take effect.

What do I do if I forget the password and cannot log on to the web UI of Ranger?

You can perform the following steps to resolve the issue:

  1. Log on to the master node of the cluster. For more information, see Log on to a cluster.

  2. Run the following command to reset the password of the admin user to the default password.

    • DataLake clusters

      • EMR V3.44.0 or a later minor version and EMR V5.10.0 or a later minor version

        mysql -urangeradmin -pRangeradmin1234 update ranger.x_portal_user set password="07e47d323c1c36c1dc2cc3966027d6f9" where login_id="admin";

      • A minor version earlier than EMR V3.44.0 or a minor version earlier than EMR V5.10.0

        mysql -urangeradmin -prangeradmin1234 update ranger.x_portal_user set password="257e4521fee681b67583e2e7a4ac1c28" where login_id="admin";

    • Hadoop clusters

      mysql -urangeradmin -prangeradmin update ranger.x_portal_user set password="ceb4f32325eda6142bd65215f4c0f371" where login_id="admin";