
Privacera Documentation


Apache Ranger API on PrivaceraCloud

Each PrivaceraCloud account uses an internal Apache Ranger process to assist with the access control functions. This Apache Ranger process can be accessed directly via its REST API.

The Apache Ranger API is standardized and open source. For the full Ranger API specification, see Apache Ranger API and Apache Ranger Interactive Swagger Ranger API definition.

PrivaceraCloud allows full use of the Ranger API, but disallows modifying, removing, or overwriting itself as the Apache Ranger plug-in. The following methods are disallowed and return HTTP status 403 (Access Forbidden):

  • POST <RangerAdminURL>/service/plugins/definitions

  • PUT <RangerAdminURL>/service/plugins/definitions

  • DELETE <RangerAdminURL>/service/plugins/definitions

PrivaceraCloud Apache Ranger API Access

Establish access credentials for Basic Auth authentication.

Create an Admin Data Access User API Service Account


The best practice is to create at least one Ranger API data access service account:

  1. Open Access Manager > Users/Groups/Roles, and create a user.

  2. Set the Role to Admin. Record the password.


Generate a Ranger Admin API URL

Perform the following steps to generate the Ranger Admin API URL.

  1. In the PrivaceraCloud portal, go to Settings > API Keys. Click GENERATE API KEY.

  2. In the Generate Api Key dialog, define the purpose as "REST API Access" or similar and select the Never Expires checkbox.

  3. Click GENERATE API KEY to proceed with the next dialog.

  4. In the second Generate Api Key dialog, under Ranger Admin URL, click COPY URL, then close the dialog.


    DO NOT use the Ranger Audit URL to get audits from PrivaceraCloud. The Ranger Audit URL is required to send audits from plug-ins into PrivaceraCloud.

    If you need to download bulk audits regularly from PrivaceraCloud, see Configure Audit Access Settings on PrivaceraCloud.

Figure 8. Generate API key using Ranger Admin URL

The API Keys page displays the added API Key as shown in the following image.


Test and Confirm Access

The Ranger Admin URL will look similar to:

A full Ranger API service URI has the form "<RangerAdminURL>/service/<Ranger API Resource Path>".


Using curl and the Ranger API "/plugins/services" method to confirm access, the full curl command is:

curl -u 'RangerAPI-Auth:ranger1234#' "<RangerAdminURL>/service/plugins/services"

A typical response would be:

{
    "startIndex": 0,
    "pageSize": 200,
    "totalCount": 1,
    "resultSize": 1,
    "sortType": "asc",
    "sortBy": "serviceId",
    "queryTimeMS": 1604017945463,
    "services": [
        {
            "id": 1,
            "guid": "8927fc53-4036-44a8-bc12-482d302164fc",
            "isEnabled": true,
            "createdBy": "Admin",
            "updatedBy": "Admin",
            "createTime": 1603341313000,
            "updateTime": 1603341313000,
            "version": 1,
            "type": "hive",
            "name": "privacera_hive",
            "displayName": "privacera_hive",
            "description": "Hive repo",
            "configs": {
                "password": "**",
                "jdbc.driverClassName": "org.apache.hive.jdbc.HiveDriver",
                "jdbc.url": "jdbc:hive2://localhost:10000",
                "username": "hive"
            },
            "policyVersion": 8,
            "policyUpdateTime": 1603341313000,
            "tagVersion": 1,
            "tagUpdateTime": 1603341313000
        }
    ]
}
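
The same access check as a script, added here as an example and not taken from the Privacera documentation. It builds the service URI in the form given above, sends Basic Auth, and refuses the three definitions calls that PrivaceraCloud rejects with 403. The function names and the environment variables RANGER_ADMIN_URL, RANGER_API_USER and RANGER_API_PASSWORD are assumptions.

```python
import base64
import json
import os
import urllib.error
import urllib.request

# The three calls the page says PrivaceraCloud rejects with HTTP 403.
BLOCKED = {(m, "plugins/definitions") for m in ("POST", "PUT", "DELETE")}


def service_uri(admin_url, resource_path):
    """Build <RangerAdminURL>/service/<Ranger API Resource Path>."""
    return admin_url.rstrip("/") + "/service/" + resource_path.strip("/")


def is_blocked(method, resource_path):
    return (method.upper(), resource_path.strip("/")) in BLOCKED


def build_request(admin_url, resource_path, user, password, method="GET"):
    """Prepare a Basic Auth request, refusing calls that can only return 403."""
    if is_blocked(method, resource_path):
        raise PermissionError(f"{method} {resource_path} is disallowed on PrivaceraCloud")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(service_uri(admin_url, resource_path), method=method.upper())
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req


def summarize_services(body):
    """Reduce a /plugins/services response to (name, type, isEnabled) tuples."""
    return [(s["name"], s["type"], s["isEnabled"]) for s in body.get("services", [])]


def list_services(admin_url, user, password):
    req = build_request(admin_url, "plugins/services", user, password)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return summarize_services(json.load(resp))
    except urllib.error.HTTPError as err:
        # 401: credentials rejected; 403: authenticated but call not permitted.
        raise RuntimeError(f"Ranger API returned HTTP {err.code}") from err


if __name__ == "__main__":
    env = os.environ  # assumed variable names; keeps the password out of argv
    print(list_services(env["RANGER_ADMIN_URL"], env["RANGER_API_USER"], env["RANGER_API_PASSWORD"]))
```

Reading the credentials from the environment keeps the service account password out of shell history and the process list, which `curl -u user:password` does not.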