Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Hierarchy of TDE encryption zones with Ranger-KMS

avatar
Rising Star

I was wondering is there any way to have a hierarchy of encryption zones managing by Ranger-KMS? Suppose we have the following directory structure:

/userA/userB/

/userA/userC/

I want to configure HDFS in a way that userB and userA use two different encryption zones, but I would like to be able to access userB and userC folders with userA and be able to encrypt/decrypt data owned by userB or userC. Is there any way to handle this situation with Ranger-KMS?

1 ACCEPTED SOLUTION

avatar
Master Guru

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

View solution in original post

3 REPLIES 3

avatar
Master Guru

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

avatar
Rising Star

So can we virtually build a hierarchy of encryption zone in this way?

avatar
Master Guru

I don't consider this a hierarchy of encryption. more in tune of encryption and authorization on those zones.