Hierarchy of TDE encryption zones with Ranger-KMS

Expert Contributor

I was wondering whether there is any way to have a hierarchy of encryption zones managed by Ranger-KMS. Suppose we have the following directory structure:

/userA/userB/

/userA/userC/

I want to configure HDFS in a way that userB and userA use two different encryption zones, but I would like to be able to access userB and userC folders with userA and be able to encrypt/decrypt data owned by userB or userC. Is there any way to handle this situation with Ranger-KMS?

1 ACCEPTED SOLUTION

Master Guru

With Ranger you encrypt folders, and those with access to those folders will be able to view data (decrypt). You can have the userB and userC folders encrypted and provide access to those folders to user A. Then the user will have access to those folders and view data (decrypt).

3 REPLIES

Expert Contributor

So can we virtually build a hierarchy of encryption zones in this way?

Master Guru

I don't consider this a hierarchy of encryption. It is more in tune with encryption and authorization on those zones.
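
The arrangement from the accepted solution (one zone per folder, with userA authorized on both), as an added example that is not part of the original thread: it prints the HDFS commands and Ranger KMS policy bodies instead of running them. The key names, the `cl1_kms` service name, and the use of HDFS ACLs for folder access are assumptions.

```shell
#!/bin/sh
# Added example: two sibling encryption zones, one key each, userA may decrypt both.
# /userA itself must stay unencrypted: HDFS does not allow a zone inside a zone.
KMS_SERVICE="${KMS_SERVICE:-cl1_kms}"   # assumed Ranger KMS service name

# Ranger KMS policy body: users allowed "Decrypt EEK" on one zone key.
# Assumed to be POSTed to Ranger Admin at /service/public/v2/api/policy.
kms_policy_json() {   # usage: kms_policy_json <key> <user>...
  pol_key="$1"; shift
  pol_users=$(printf '"%s",' "$@"); pol_users="[${pol_users%,}]"
  printf '{"service":"%s","name":"decrypt-%s","resources":{"keyname":{"values":["%s"]}},' \
    "$KMS_SERVICE" "$pol_key" "$pol_key"
  printf '"policyItems":[{"users":%s,"accesses":[{"type":"decrypteek","isAllowed":true}]}]}\n' \
    "$pol_users"
}

# Commands for one zone: empty directory, key, zone, owner, read ACL for the extra user.
zone_plan() {   # usage: zone_plan <path> <key> <owner> <extra-user>
  cat <<EOF
hdfs dfs -mkdir -p $1
hadoop key create $2
hdfs crypto -createZone -keyName $2 -path $1
hdfs dfs -chown $3 $1
hdfs dfs -setfacl -m user:$4:r-x $1
EOF
}

plan() {
  zone_plan /userA/userB key_userB userB userA
  zone_plan /userA/userC key_userC userC userA
  # Folder access alone is not enough: each reader also needs decrypt rights on the zone key.
  kms_policy_json key_userB userB userA
  kms_policy_json key_userC userC userA
}

plan   # prints the plan only; nothing is executed against a cluster
```

userB holds no decrypt right on `key_userC` and userC none on `key_userB`, so each zone stays isolated from the other while userA can read both.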