Community Articles
Find and share helpful community-sourced technical articles
Labels (1)
Super Guru

Falcon by default coes with authorization turned off.

To turn on set the following through ambari falcon config:

  • *.falcon.security.authorization.enabled = true
  • *.falcon.security.authorization.superusergroup = <linux group>
    • In my example I am using linux group users

3714-2016-04-26-13-03-54.jpg

In my example oozie,ambari-qa,tez,falcon,hue,guest are in the group "users". The purpose of this group is to only allow users within this group to view, edit, and delete each others material. Any user outside this group should not have access.

3715-2016-04-26-13-05-57.jpg

Now logging in a falcon who is part of users group:

3716-2016-04-26-13-06-20.jpg

Falcon user has created a cluster "authTest" and feed "feed1" Lets view it:

3717-2016-04-26-13-06-38.jpg

Great so falcon is see the feed and cluster. Now lets go in with user hdfs who is NOT part of group users

3718-2016-04-26-13-06-54.jpg

Logged in as user hdfs who is NOT part of group users. This user will do a simple search for everything cluster/feed entity which exist in falcon.

3720-2016-04-26-13-07-04.jpg

So hdfs user search does not return anything since the use is not allowed. Now lets log in with user tez who IS part of user group users

3721-2016-04-26-13-07-20.jpg

User tez will do a simple search for everything cluster/feed entity which exist in falcon.

3722-2016-04-26-13-07-28.jpg

As you can see tez is able to view what user falcon created since they are part of the same group. user hdfs was not since it is not part of the same group.

463 Views
0 Kudos
Don't have an account?
Version history
Revision #:
2 of 2
Last update:
‎08-17-2019 12:40 PM
Updated by:
 
Contributors
Top Kudoed Authors