Support Questions

alinazemian · ‎02-26-2017

I was wondering is there any way to have a hierarchy of encryption zones managing by Ranger-KMS? Suppose we have the following directory structure:

/userA/userB/

/userA/userC/

I want to configure HDFS in a way that userB and userA use two different encryption zones, but I would like to be able to access userB and userC folders with userA and be able to encrypt/decrypt data owned by userB or userC. Is there any way to handle this situation with Ranger-KMS?

sunile_manjee · ‎02-26-2017

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

View solution in original post

sunile_manjee · ‎02-26-2017

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

alinazemian · ‎02-26-2017

So can we virtually build a hierarchy of encryption zone in this way?

sunile_manjee · ‎02-26-2017

I don't consider this a hierarchy of encryption. more in tune of encryption and authorization on those zones.

Cloudera Community

Support Questions

Hierarchy of TDE encryption zones with Ranger-KMS

Walkthrough: Creating Encryption Zone in HDFS and ...

Can we move file from TDE encrypt zone?

How to copy encrypted data between two HDP cluster...

Hardening Apache ZooKeeper Security Part 2: TLS en...

Import/Export Ranger KMS keys and distcp without s...

Authentication errors from Ambari view copying dat...

HDFS Encrypted zone intra-cluster transfer automat...

Unable to put files in HDFS Encrypted Zone

Strict Access to Encrypted Zone in Transparent Dat...

Create encryption zones