Ranger

Apache Ranger is a service that manages access control rules for components that are running on Cloudera Data Platform (CDP). You can use Apache Ranger to store access control rules for objects in a Db2® Big SQL database. These access control rules take the form of resource-based or tag-based policies that a security administrator defines through the Ranger user interface.

When Ranger integration is enabled, Db2 Big SQL delegates access control for a defined set of database operations to Ranger. For details, see Db2 Big SQL operations that are managed by Ranger. All database operations that are not managed by Ranger continue to be managed by native Db2 Big SQL authorization. In this way, Ranger and native Db2 Big SQL access control combine to provide a complete security solution on CDP.

When you configure Db2 Big SQL to make Ranger the external access control manager, consider migrating native Db2 Big SQL authorizations to Ranger. Ranger will replace native Db2 Big SQL access control for the database operations that it manages. Until native Db2 Big SQL authorizations are mapped to Ranger policies, access to perform database operations that are managed by Ranger will be restricted. You must migrate Db2 Big SQL authorizations to Ranger policies manually. For details, see Importing authorization to Db2 Big SQL Ranger policies.