Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Can we set exceptions to a SuperUser's access permissions?

Labels:
avatar
author-rank egarelnabi
Guru

Created ‎08-29-2016 04:08 PM

We have an application (Datameer) that requires superuser access by being a member in the HDFS supergroup. What options are available for securing/restricting that user's access to files and folders on HDFS?

With Ranger 0.6+ (HDP 2.5+) we can use Deny or Exclude Conditions (https://cwiki.apache.org/confluence/display/RANGER/Deny-conditions+and+excludes+in+Ranger+policies), but what do we do with previous versions like HDP 2.4 (Ranger 0.5.2)?

1,877 Views
1 ACCEPTED SOLUTION

avatar
author-rank emaxwell author-rank
Guru

Created ‎08-29-2016 04:40 PM

@Eyad Garelnabi

According to the Hadoop Documentation, permissions checks for the superuser always succeed, even if you try to restrict them. The process (and group) used to start the namenode become the superuser and can always do everything within HDFS.

View solution in original post

1,752 Views
0 Kudos
1 REPLY 1

avatar
author-rank emaxwell author-rank
Guru

Created ‎08-29-2016 04:40 PM

@Eyad Garelnabi

According to the Hadoop Documentation, permissions checks for the superuser always succeed, even if you try to restrict them. The process (and group) used to start the namenode become the superuser and can always do everything within HDFS.

1,753 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements