OK, Knox is not an alternative to Kerberos: https://community.hortonworks.com/questions/62130/difference-between-apache-knox-and-kerberos.html
But something is still unclear for me. With the combination of Ranger, would it be possible to define the 2 following roles? One role for data-analysts, agile, less governed, less secured. And another one for business-analysts, highly governed, highly secured. These 2 roles should have different authorizations, data analysts could probably see all the data sets from Hadoop whereas business analysts could not.
But before that, I have another naive question, could we explore the Hadoop data sets from its REST API? I mean, Knox adds security (authentication) in front of Hadoop REST APIs but could we do data exploration (browsing the data-sets) from the REST API (otherwise, ask data analysts to use Knox is pointless)?
Thanks a lot for your help.
I am not Ranger expert but I think you should be able to achieve with the Knox Ranger Plugin.
If you can browse your data sets using REST APIs you can certainly use Knox to proxy them.