Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can soemeone please help me to understand main.ldapRealm.authorizationEnabled property in knox.

Can soemeone please help me to understand main.ldapRealm.authorizationEnabled property in knox.

Guru

Hi Team,

I have to set main.ldapRealm.authorizationEnabled in knox topology but I am trying to understand this property before I do it in knox.

Will it impact on ranger or hiveserver2 ?

1 REPLY 1

Re: Can soemeone please help me to understand main.ldapRealm.authorizationEnabled property in knox.

@Saurabh

By setting main.ldapRealm.authorizationEnabled to false (default), you are indicating that there is no need for the ShiroProvider to lookup groups for the user through the KnoxLdapRealm implementation. The impact is that if you are doing service level authorization checks at the gateway itself then the groups will not be available for evaluation by the Knox AclsAuthz provider or the Ranger plugin.

If you are not doing service level authorization checks and relying solely on finer grained ACL/policy enforcement then you can safely leave that as false.

Link: https://knox.apache.org/books/knox-0-6-0/user-guide.html