Reply
New Contributor
Posts: 3
Registered: ‎10-02-2018

Controlling Cloudera Admin Access to underlying data

[ Edited ]

Need to ask the following questions asap around Cloudera Admin access - documentation here https://www.cloudera.com/documentation/enterprise/5-10-x/topics/cm_sg_user_roles.html

  1. Does any Cloudera Admin roles have full data access – current assumption is Cluster Admin and Full Admin have it.
  2. If any Admin role has full data access – can we do without those roles. (e.g. - The documentation says that Full Admin can be deleted once Cloudera set is done.
  3. Can we add any restrictions/build privileges such that data set (which is highly sensitive) in a particular node is accessible only to users given access to that node and not accessible by any admins.
Highlighted
Master
Posts: 305
Registered: ‎07-01-2015

Re: Controlling Cloudera Admin Access to underlying data

I am not a security expert, but I think the answer to your last question is data-at-rest encryption.

One comment to the first point: I dont think the admin has a direct full access to the data directly, but as he is able to change any propoerty of HDFS, he is able to configure for himself an access very likely.
Announcements