
Apply security on prod environment


Explorer

Dears,

 

I have a question about the best practices that should be followed on a Cloudera cluster, especially at the HDFS level using Sentry RBAC. The main concern for us is that the data is copied from external resources to HDFS, and the permissions are a headache for us, as Sentry cannot be applied at the URI level. Are there any solutions or documents to follow for such cases?

 

Regards

3 REPLIES

Re: Apply security on prod environment

Moderator

Hello @AmroSaleh,

 

thank you for reaching out on Community and raising your enquiry on Sentry-HDFS.

 

Have you seen the "Authorization with Apache Sentry" documentation, please? 

 

For HDFS-Sentry synchronization to work, you must use the Sentry service, not policy file authorization. See Synchronizing HDFS ACLs and Sentry Permissions, for more details.

Let us know if you went through these docs and you still need any additional information.

 

Thank you,

Ferenc


Ferenc Erdelyi, Technical Solutions Manager


Re: Apply security on prod environment

Explorer

Thanks Bender, yes, I checked these documents and yes, I configured the Sentry service, but the issue with Sentry is that the HDFS ACLs will not be applied. For example, if I have a user that needs to write to a specific path on HDFS, as Hive will manage everything I cannot add an ACL for this user, and the grant with URI will be ALL.

 

 


Re: Apply security on prod environment

Contributor

Sentry-HDFS authorization is focused on Hive warehouse data - that is, any data that is part of a table in Hive or Impala. 

 

For HDFS-only control, you should look at HDFS ACLs or Extended ACLs.

 

See this doc.
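
An added example, not part of the thread or of Cloudera's documentation, of the HDFS ACL route the last reply points to: it gives one user write access to a landing directory with `hdfs dfs -setfacl` and refuses paths under the Hive warehouse, where Sentry-HDFS synchronization applies instead. The user `etl_ingest`, the path `/data/landing/sales`, the prefix `/user/hive/warehouse` and the helper names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: HDFS ACL grant for a landing directory outside the Hive warehouse.
# Assumed (not from the thread): etl_ingest, /data/landing/sales, helper names,
# and /user/hive/warehouse as the Sentry-synchronized prefix.
WAREHOUSE_PREFIX="${WAREHOUSE_PREFIX:-/user/hive/warehouse}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the hdfs commands instead of running them

# True when the path is the Sentry-synchronized prefix or lies below it.
is_sentry_managed() {
  case "${1%/}/" in
    "${WAREHOUSE_PREFIX%/}/"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Access entry for the directory plus a default entry that new children inherit.
acl_spec() {   # acl_spec <user> <perms>
  printf 'user:%s:%s,default:user:%s:%s' "$1" "$2" "$1" "$2"
}

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

grant_landing_acl() {   # grant_landing_acl <user> <perms> <path>
  case "$2" in
    [r-][w-][x-]) ;;
    *) echo "bad permission string: $2" >&2; return 2 ;;
  esac
  if is_sentry_managed "$3"; then
    echo "refusing $3: under $WAREHOUSE_PREFIX, use Sentry grants there" >&2
    return 1
  fi
  run hdfs dfs -setfacl -m "$(acl_spec "$1" "$2")" "$3" || return
  run hdfs dfs -getfacl "$3"   # show the resulting entries for review
}

# Constructed sample call. With DRY_RUN=0 it needs dfs.namenode.acls.enabled=true.
grant_landing_acl etl_ingest rwx /data/landing/sales
```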
