Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: The Cloudera Community will undergo maintenance on Saturday, August 17 at 12:00am PDT. See more info here.

Controlling Cloudera Admin Access to underlying data

Highlighted

Controlling Cloudera Admin Access to underlying data

New Contributor

Need to ask the following questions asap around Cloudera Admin access - documentation here https://www.cloudera.com/documentation/enterprise/5-10-x/topics/cm_sg_user_roles.html

  1. Does any Cloudera Admin roles have full data access – current assumption is Cluster Admin and Full Admin have it.
  2. If any Admin role has full data access – can we do without those roles. (e.g. - The documentation says that Full Admin can be deleted once Cloudera set is done.
  3. Can we add any restrictions/build privileges such that data set (which is highly sensitive) in a particular node is accessible only to users given access to that node and not accessible by any admins.
1 REPLY 1

Re: Controlling Cloudera Admin Access to underlying data

Master Collaborator
I am not a security expert, but I think the answer to your last question is data-at-rest encryption.

One comment to the first point: I dont think the admin has a direct full access to the data directly, but as he is able to change any propoerty of HDFS, he is able to configure for himself an access very likely.