Apache Ranger REST API

The Ranger REST API provides endpoints for policy management, service management, user/group management, audit log retrieval, and security zone administration, with plugin APIs for enforcing policies in HDFS, Hive, HBase, and other services.

OpenAPI Specification

# Document header: OpenAPI version, API identity, contact, licence and base URL.
openapi: 3.0.3
info:
  title: Apache Ranger REST API
  # Folded scalar; the lines join into the same single-line description.
  # NOTE(review): the text mentions service definitions and security zones, but
  # the paths in this document cover only policies, services, users, groups and
  # access audit.
  description: >-
    Apache Ranger provides centralized security administration and policy
    management for Hadoop ecosystem services. This API covers policy
    management, service definitions, audit logs, user/group management, and
    security zones.
  # Quoted so the version can never be read as anything but a string.
  version: '2.4.0'
  contact:
    name: Apache Ranger
    url: https://ranger.apache.org/
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
  # Placeholder host. The https scheme matters: the only security scheme in
  # this document is HTTP Basic, which sends the credential with every request.
  - url: https://ranger.example.com/service
    description: Apache Ranger Policy Manager

paths:
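  # Policy collection: list existing policies or create a new one.
  # Both operations inherit the document-level basicAuth requirement, so the
  # authentication and authorization failures are declared next to the success
  # response.
  /plugins/policies:
    get:
      operationId: listPolicies
      summary: Apache Ranger List Policies
      description: List all security policies managed by Ranger.
      tags: [Policies]
      x-microcks-operation:
        dispatcher: RANDOM
      # Both filters are optional; with neither set the description above says
      # every policy is returned. The result names users, groups and protected
      # resources (see Policy), so read access is itself sensitive.
      parameters:
        - name: serviceType
          in: query
          schema:
            type: string
          description: Filter by service type (hdfs, hive, hbase, etc.)
        - name: serviceName
          in: query
          schema:
            type: string
          description: Filter by service name
      responses:
        '200':
          description: List of policies
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PolicyList'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to list policies
    post:
      operationId: createPolicy
      summary: Apache Ranger Create Policy
      description: Create a new security policy in Ranger.
      tags: [Policies]
      x-microcks-operation:
        dispatcher: RANDOM
      # A new policy grants access to users and groups, so this is a
      # privilege-changing call. The Policy schema declares no required fields;
      # validation of the body is left to the server.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Policy'
      responses:
        '200':
          description: Policy created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '400':
          description: Request body is not a valid policy
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to create policies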
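  # Single policy addressed by numeric id: read, replace or delete.
  # All three operations inherit the document-level basicAuth requirement.
  # NOTE(review): no response is declared for an unknown id; confirm which
  # status the server returns and document it.
  /plugins/policies/{id}:
    get:
      operationId: getPolicy
      summary: Apache Ranger Get Policy
      description: Retrieve a specific security policy by ID.
      tags: [Policies]
      x-microcks-operation:
        dispatcher: URI_PARTS
        dispatcherRules: id
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Policy identifier
      responses:
        '200':
          description: Policy details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to read this policy
    put:
      operationId: updatePolicy
      summary: Apache Ranger Update Policy
      description: Update an existing security policy.
      tags: [Policies]
      x-microcks-operation:
        dispatcher: URI_PARTS
        dispatcherRules: id
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Policy identifier
      # The body also carries an `id` property (see Policy). This document does
      # not say which one wins if it differs from the path id.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Policy'
      responses:
        '200':
          description: Policy updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Policy'
        '400':
          description: Request body is not a valid policy
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to update this policy
    delete:
      operationId: deletePolicy
      summary: Apache Ranger Delete Policy
      description: Delete a security policy by ID.
      tags: [Policies]
      x-microcks-operation:
        dispatcher: URI_PARTS
        dispatcherRules: id
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Policy identifier
      responses:
        '204':
          description: Policy deleted
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to delete this policy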
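  # Service collection: list registered services or register a new one.
  # Both operations inherit the document-level basicAuth requirement.
  /plugins/services:
    get:
      operationId: listServices
      summary: Apache Ranger List Services
      description: List all registered services in Ranger.
      tags: [Services]
      x-microcks-operation:
        dispatcher: RANDOM
      # Each returned RangerService includes its `configs` connection map.
      # NOTE(review): confirm whether secret values in it are masked in
      # responses.
      responses:
        '200':
          description: List of services
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ServiceList'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to list services
    post:
      operationId: createService
      summary: Apache Ranger Create Service
      description: Register a new service with Ranger for policy management.
      tags: [Services]
      x-microcks-operation:
        dispatcher: RANDOM
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RangerService'
      responses:
        '200':
          description: Service created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RangerService'
        '400':
          description: Request body is not a valid service definition
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to register services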
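  # Single service addressed by numeric id: read or remove.
  # Both operations inherit the document-level basicAuth requirement.
  # NOTE(review): no response is declared for an unknown id, and this document
  # does not say what happens to policies attached to a removed service.
  /plugins/services/{id}:
    get:
      operationId: getService
      summary: Apache Ranger Get Service
      description: Retrieve details of a specific Ranger service.
      tags: [Services]
      x-microcks-operation:
        dispatcher: URI_PARTS
        dispatcherRules: id
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Service identifier
      responses:
        '200':
          description: Service details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RangerService'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to read this service
    delete:
      operationId: deleteService
      summary: Apache Ranger Delete Service
      description: Remove a service from Ranger management.
      tags: [Services]
      x-microcks-operation:
        dispatcher: URI_PARTS
        dispatcherRules: id
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: integer
          description: Service identifier
      responses:
        '204':
          description: Service deleted
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to delete this service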
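  # User collection: list known users or create one.
  # Both operations inherit the document-level basicAuth requirement.
  /xusers/users:
    get:
      operationId: listUsers
      summary: Apache Ranger List Users
      description: List all users registered in Ranger.
      tags: [Users]
      x-microcks-operation:
        dispatcher: RANDOM
      # The response carries names and email addresses (see RangerUser), so the
      # listing is personal data as well as an account inventory.
      responses:
        '200':
          description: List of users
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserList'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to list users
    post:
      operationId: createUser
      summary: Apache Ranger Create User
      description: Create a new user in Ranger.
      tags: [Users]
      x-microcks-operation:
        dispatcher: RANDOM
      # NOTE(review): RangerUser defines no credential or role property, so this
      # document does not show how a new account's password or privileges are
      # set.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RangerUser'
      responses:
        '200':
          description: User created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RangerUser'
        '400':
          description: Request body is not a valid user definition
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to create users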
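  # Group collection (read-only in this document): list all user groups.
  # Inherits the document-level basicAuth requirement.
  /xusers/groups:
    get:
      operationId: listGroups
      summary: Apache Ranger List Groups
      description: List all user groups in Ranger.
      tags: [Groups]
      x-microcks-operation:
        dispatcher: RANDOM
      responses:
        '200':
          description: List of groups
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupList'
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to list groups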
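  # Access-audit query: returns recorded access decisions.
  # Inherits the document-level basicAuth requirement.
  # Entries contain user names, client IPs and session ids (see AuditEntry),
  # so read access to this endpoint should be limited accordingly.
  /audit/access:
    get:
      operationId: getAccessAudit
      summary: Apache Ranger Get Access Audit
      description: Retrieve access audit logs showing who accessed what resources.
      tags: [Audit]
      x-microcks-operation:
        dispatcher: RANDOM
      # All four filters are optional.
      # NOTE(review): no paging or limit parameter is declared although the
      # response has a totalCount; an unfiltered call may be large. Whether the
      # date range is inclusive is not stated.
      parameters:
        - name: startDate
          in: query
          schema:
            type: string
            format: date-time
        - name: endDate
          in: query
          schema:
            type: string
            format: date-time
        - name: user
          in: query
          schema:
            type: string
        - name: resource
          in: query
          schema:
            type: string
      responses:
        '200':
          description: Audit log entries
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuditList'
        '400':
          description: A query parameter is malformed (for example a bad date-time)
        '401':
          description: Missing or invalid HTTP Basic credentials
        '403':
          description: Authenticated caller is not authorized to read audit logs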

components:
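  securitySchemes:
    # HTTP Basic is the only scheme declared; the root-level `security` entry
    # applies it to every operation.
    basicAuth:
      type: http
      scheme: basic
      description: >-
        HTTP Basic authentication. The credential is only base64-encoded, not
        encrypted, so requests must be sent over TLS.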
  schemas:
    # Envelope returned by listPolicies: counters plus the array of policies.
    # NOTE(review): pageSize/resultSize suggest paging, but listPolicies
    # declares no paging parameters in this document.
    PolicyList:
      type: object
      description: List of Ranger security policies
      properties:
        totalCount:
          type: integer
          description: Total number of policies
        pageSize:
          type: integer
        resultSize:
          type: integer
        policies:
          type: array
          items:
            $ref: '#/components/schemas/Policy'
    # A policy: identifies a service, names the resources it protects, and
    # lists policy items that say which users/groups get which accesses.
    # Used as request body (create/update) and as response body.
    # NOTE(review): no `required` list is declared, so an empty object passes
    # this schema; validation of submitted policies is left to the server.
    Policy:
      type: object
      description: Ranger security policy definition
      properties:
        id:
          type: integer
          description: Policy identifier
        name:
          type: string
          description: Policy name
        serviceType:
          type: string
          description: Service type this policy applies to (hdfs, hive, hbase)
        serviceName:
          type: string
          description: Service name this policy applies to
        description:
          type: string
          description: Policy description
        # Two security-relevant toggles: the policy can be switched off, and
        # its audit logging can be switched off independently of that.
        isEnabled:
          type: boolean
          description: Whether the policy is active
        isAuditEnabled:
          type: boolean
          description: Whether audit logging is enabled
        # Free-form keys; every value is a PolicyResource.
        resources:
          type: object
          description: Resources protected by this policy
          additionalProperties:
            $ref: '#/components/schemas/PolicyResource'
        policyItems:
          type: array
          items:
            $ref: '#/components/schemas/PolicyItem'
    # One resource entry of a policy: the values it matches plus two flags that
    # change how those values are read.
    PolicyResource:
      type: object
      description: Resource specification in a Ranger policy
      properties:
        values:
          type: array
          items:
            type: string
          description: Resource values (paths, tables, etc.)
        # Widens the match beyond the listed values when true.
        # Presumably to everything beneath them; confirm.
        isRecursive:
          type: boolean
          description: Whether to apply recursively
        # Per the description this turns `values` into an exclusion list, so
        # the flag reverses which resources the entry covers.
        isExcludes:
          type: boolean
          description: Whether this is an exclusion list
    # One grant inside a policy: the users and groups it applies to and the
    # accesses they receive.
    PolicyItem:
      type: object
      description: Policy item defining access permissions
      properties:
        users:
          type: array
          items:
            type: string
          description: Users granted access
        groups:
          type: array
          items:
            type: string
          description: Groups granted access
        accesses:
          type: array
          items:
            $ref: '#/components/schemas/AccessType'
        # Plain strings; their format and meaning are not defined in this
        # document.
        conditions:
          type: array
          items:
            type: string
    # A named access plus a flag saying whether it is allowed. An entry can be
    # present with isAllowed set to false, so presence alone is not a grant.
    AccessType:
      type: object
      description: Access type in a policy item
      properties:
        type:
          type: string
          description: Access type name (read, write, execute, etc.)
        isAllowed:
          type: boolean
          description: Whether the access is allowed
    # Envelope returned by listServices: a count plus the array of services.
    ServiceList:
      type: object
      description: List of Ranger services
      properties:
        totalCount:
          type: integer
        services:
          type: array
          items:
            $ref: '#/components/schemas/RangerService'
    # A service registered with Ranger. Used as request body (create) and as
    # response body (create, get, list).
    RangerService:
      type: object
      description: Ranger service definition
      properties:
        id:
          type: integer
          description: Service identifier
        name:
          type: string
          description: Service name
        type:
          type: string
          description: Service type (hdfs, hive, hbase, kafka, etc.)
        description:
          type: string
          description: Service description
        isEnabled:
          type: boolean
          description: Whether the service is active
        # Free-form string map of connection settings.
        # NOTE(review): connection settings of this kind often include
        # credentials for the target service. Confirm whether responses mask
        # them, and keep this field out of logs and shared output.
        configs:
          type: object
          description: Service connection configuration
          additionalProperties:
            type: string
    # Envelope returned by listUsers: a count plus the array of users.
    UserList:
      type: object
      description: List of Ranger users
      properties:
        totalCount:
          type: integer
        users:
          type: array
          items:
            $ref: '#/components/schemas/RangerUser'
    # A user account as Ranger sees it. Used as request body (create) and as
    # response body (create, list).
    # NOTE(review): no credential or role property is defined here.
    RangerUser:
      type: object
      description: Ranger user definition
      properties:
        id:
          type: integer
          description: User identifier
        name:
          type: string
          description: Username
        # Personal data: names and email address.
        firstName:
          type: string
        lastName:
          type: string
        emailAddress:
          type: string
        # Integer codes; the accepted values are given only in the
        # descriptions and are not enforced by an enum.
        userSource:
          type: integer
          description: User source (0=internal, 1=LDAP/AD)
        status:
          type: integer
          description: User status (1=active, 0=disabled)
    # Envelope returned by listGroups: a count plus the array of groups.
    GroupList:
      type: object
      description: List of Ranger groups
      properties:
        totalCount:
          type: integer
        groups:
          type: array
          items:
            $ref: '#/components/schemas/RangerGroup'
    # A user group. No member list is defined here, so group membership is not
    # visible through this schema.
    RangerGroup:
      type: object
      description: Ranger user group
      properties:
        id:
          type: integer
          description: Group identifier
        name:
          type: string
          description: Group name
        description:
          type: string
          description: Group description
        # Integer code; accepted values are given only in the description.
        groupSource:
          type: integer
          description: Group source (0=internal, 1=LDAP/AD)
    # Envelope returned by getAccessAudit: a count plus the array of entries.
    AuditList:
      type: object
      description: Access audit log entries
      properties:
        totalCount:
          type: integer
        auditList:
          type: array
          items:
            $ref: '#/components/schemas/AuditEntry'
    # One recorded access decision: who asked, for which resource and access,
    # what was decided, which component decided and reported it, and when.
    # Several fields identify people or sessions (user, clientIP, sessionId);
    # handle exported audit data accordingly.
    AuditEntry:
      type: object
      description: Single access audit log entry
      properties:
        # A string here, unlike the integer ids of the other schemas.
        id:
          type: string
          description: Audit entry identifier
        user:
          type: string
          description: User who accessed the resource
        resourceType:
          type: string
          description: Type of resource accessed
        resourcePath:
          type: string
          description: Path of the accessed resource
        accessType:
          type: string
          description: Type of access (read, write, etc.)
        # Integer code per the description: 1 = allowed, 0 = denied.
        result:
          type: integer
          description: Access result (1=allowed, 0=denied)
        aclEnforcer:
          type: string
          description: ACL enforcer that made the decision
        agentId:
          type: string
          description: Agent/plugin that reported the audit
        repoName:
          type: string
          description: Repository/service name
        sessionId:
          type: string
          description: Session identifier
        clientIP:
          type: string
          description: Client IP address
        # NOTE(review): time zone handling is not stated beyond the date-time
        # format; confirm before correlating with other logs.
        eventTime:
          type: string
          format: date-time
          description: Time of access event

# Document-level requirement: every operation needs basicAuth. No operation in
# this document overrides it with its own `security` entry.
security:
  - basicAuth: []