Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Hierarchy of TDE encryption zones with Ranger-KMS

avatar
author-rank alinazemian
Expert Contributor

Created ‎02-26-2017 02:35 AM

I was wondering is there any way to have a hierarchy of encryption zones managing by Ranger-KMS? Suppose we have the following directory structure:

/userA/userB/

/userA/userC/

I want to configure HDFS in a way that userB and userA use two different encryption zones, but I would like to be able to access userB and userC folders with userA and be able to encrypt/decrypt data owned by userB or userC. Is there any way to handle this situation with Ranger-KMS?

3,637 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 02:44 AM

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

View solution in original post

3,496 Views
3 REPLIES 3

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 02:44 AM

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

3,497 Views

avatar
author-rank alinazemian
Expert Contributor

Created ‎02-26-2017 02:50 AM

So can we virtually build a hierarchy of encryption zone in this way?

3,496 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 03:08 AM

I don't consider this a hierarchy of encryption. more in tune of encryption and authorization on those zones.

3,496 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements