update docs and clearify difference between

ranger.plugin.hive.policy.cache.dir and ranger.plugin.spark.policy.cache.dir configs
apache · Aug 18, 2022 · a7ec3bc · a7ec3bc
1 parent 4887bd1
commit a7ec3bc
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/docs/security/authorization/spark/install.md b/docs/security/authorization/spark/install.md
@@ -74,9 +74,8 @@ for pointing to the right Ranger admin server.
 
 </configuration>
 ```
-##### Using Marcos in Row Level Filters
-  - Macros are now supported for using user/group/tag in row filter expressions, introduced in [Ranger 2.3](https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.3.0+-+Release+Notes). This feature helps significantly simplify the row-filter condition expression by replacing explicit condition query by using user/group/tag's attributes. Considering a user with an attribute `born_city` of value `Guangzhou `, the row filter condition as `city='${{USER.born_city}}'` will be transformed to `city='Guangzhou'` in execution plan. More supported marcros and usage refer to [RANGER-3605](https://issues.apache.org/jira/browse/RANGER-3605) and [RANGER-3550](https://issues.apache.org/jira/browse/RANGER-3550).
-  - Add the follow configs to `ranger-spark-security.xml` to enable UserStore Enricher which is required by macros and scripts.
+##### Using Macros in Row Level Filters
+  - Macros are now supported for using user/group/tag in row filter expressions, introduced in [Ranger 2.3](https://cwiki.apache.org/confluence/display/RANGER/Apache+Ranger+2.3.0+-+Release+Notes). This feature helps significantly simplify row filter expressions by using user/group/tag's attributes instead of explicit conditions. Considering a user with an attribute `born_city` of value `Guangzhou `, the row filter condition as `city='${{USER.born_city}}'` will be transformed to `city='Guangzhou'` in execution plan. More supported macros and usage refer to [RANGER-3605](https://issues.apache.org/jira/browse/RANGER-3605) and [RANGER-3550](https://issues.apache.org/jira/browse/RANGER-3550). Add the following configs to `ranger-spark-security.xml` to enable UserStore Enricher required by macros.
 
 ```xml
     <property>
@@ -88,7 +87,7 @@ for pointing to the right Ranger admin server.
     <property>
         <name>ranger.plugin.hive.policy.cache.dir</name>
         <value>./a ranger hive service name/policycache</value>
-        <description>policycache cache path of hive service def for caching UserStore, Tags, etc.</description>
+        <description>As Authz plugin reuses hive service def, a policy cache path is required for caching UserStore and Tags for "hive" service def, while "ranger.plugin.spark.policy.cache.dir config" is the path for caching policies in service. </description>
     </property>    
 ```