Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Hierarchy of TDE encryption zones with Ranger-KMS

avatar
author-rank alinazemian
Expert Contributor

Created ‎02-26-2017 02:35 AM

I was wondering is there any way to have a hierarchy of encryption zones managing by Ranger-KMS? Suppose we have the following directory structure:

/userA/userB/

/userA/userC/

I want to configure HDFS in a way that userB and userA use two different encryption zones, but I would like to be able to access userB and userC folders with userA and be able to encrypt/decrypt data owned by userB or userC. Is there any way to handle this situation with Ranger-KMS?

1,528 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 02:44 AM

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

View solution in original post

1,387 Views
3 REPLIES 3

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 02:44 AM

With ranger you encrypt folders and those will access to those folder will be able to view data (decrypt). you can have userb and c folders encrypted and provide access to those folders to user A. then user will have access to those folders and view data (decrypt).

1,388 Views

avatar
author-rank alinazemian
Expert Contributor

Created ‎02-26-2017 02:50 AM

So can we virtually build a hierarchy of encryption zone in this way?

1,387 Views
0 Kudos

avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎02-26-2017 03:08 AM

I don't consider this a hierarchy of encryption. more in tune of encryption and authorization on those zones.

1,387 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements