Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Master Guru
Created on 10-28-2015 05:24 AM
I had setup Transparent data encryption some time back for HDP2.2 by referring steps mentioned at http://hortonworks.com/kb/hdfs-transparent-data-encryption/
I tested my setup, everything worked perfectly except one thing, superuser was able to access the contents from encrypted zone transparently which I think should not work that way, so to restrict your encrypted zone you need to modify below property in /usr/kms-demo/hadoop/etc/hadoop/kms-acls.xml
<property> <name>hadoop.kms.acl.DECRYPT_EEK</name> <value>user1,user2</value> <description> ACL for decryptEncryptedKey CryptoExtension operations. </description> </property>
Add list of users for whom you want to give access to your encrypted zone.
Hope this is useful 🙂
843 Views