Apache Kylin is an open source Distributed Analytics Engine designed to provide SQL interface and multi-dimensional analysis (OLAP) on Hadoop supporting extremely large datasets, original contributed from eBay Inc. Apache Kylin lets user query massive data set at sub-second latency in 3 steps.
1. Identify a Star Schema on Hadoop.
2. Build Cube from the identified tables.
3. Query with ANSI-SQL and get results in sub-second, via ODBC, JDBC or RESTful API.
We should support that using Ranger to control kylin's access rights for project and cube.
Specific implementation plan is as following:
On the ranger website, administrators can configure policies to control user access to projects and cube permissions.
Kylin provides an abstract class and authorization interfaces for use by the ranger plugin. kylin instantiates ranger plugin’s implementation class when starting(this class extends the abstract class provided by kylin).
Ranger plugin periodically polls ranger admin, updates the policy to the local, and updates project and cube access rights based on policy information.
In the Kylin side：
1. Kylin provides an abstract class that enables the ranger plugin's implementation class to extend.
2. Add configuration item. 1) ranger authorization switch, 2) ranger plugin implementation class's name.
3. Instantiate the ranger plugin implementation class when starting kylin.
4. kylin provides authorization interfaces for ranger plugin calls.
5. According to the ranger authorization configuration item, hide kylin's authorization management page.
6. Using ranger manager access rights of the kylin does not affect kylin's existing permissions functions and logic.
In the Ranger side：
1. Ranger plugin will periodically polls ranger admin, updates the policy to the local.
2. The ranger plugin invoking the authorization interfaces provided by kylin to updates the project and cube access rights based on the policy information.