Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can we set exceptions to a SuperUser's access permissions?

Solved Go to solution
Highlighted

Can we set exceptions to a SuperUser's access permissions?

We have an application (Datameer) that requires superuser access by being a member in the HDFS supergroup. What options are available for securing/restricting that user's access to files and folders on HDFS?

With Ranger 0.6+ (HDP 2.5+) we can use Deny or Exclude Conditions (https://cwiki.apache.org/confluence/display/RANGER/Deny-conditions+and+excludes+in+Ranger+policies), but what do we do with previous versions like HDP 2.4 (Ranger 0.5.2)?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Can we set exceptions to a SuperUser's access permissions?

@Eyad Garelnabi

According to the Hadoop Documentation, permissions checks for the superuser always succeed, even if you try to restrict them. The process (and group) used to start the namenode become the superuser and can always do everything within HDFS.

1 REPLY 1

Re: Can we set exceptions to a SuperUser's access permissions?

@Eyad Garelnabi

According to the Hadoop Documentation, permissions checks for the superuser always succeed, even if you try to restrict them. The process (and group) used to start the namenode become the superuser and can always do everything within HDFS.