
KMS Questions


New Contributor

Hi,

Trying to understand a bit of ACLs for KMS. Below are my queries. Can someone help me and provide their thoughts?

1. In kms-acls.xml, what is the difference between the entries hadoop.kms.acl.<op-name>, key.acl.<key-name>.<op-name>, default.key.acl.<op-name> and whitelist.key.acl.<op-name>?

2. When should each of the above entries be used? For example, if I want fine-grained access control, I believe I need to use key.acl.<key-name>.<op-name>. But when is hadoop.kms.acl.<op-name> used in that case?

3. What happens when a user is present in multiple sections, for example - hadoop.kms.acl and blacklist acl as well?

Thanks

3 REPLIES

Re: KMS Questions

Are you planning to use Ranger KMS? If so, the permissions can be managed via Ranger UI.

Doc for Hadoop KMS is here - https://hadoop.apache.org/docs/stable/hadoop-kms/index.html

Blacklist will override the access given.

Re: KMS Questions

New Contributor

@vperiasamy

Thanks for your response. I am looking at Hadoop KMS at the moment. I have gone through the link you shared, but my doubts are still unanswered after going through the doc, as it's not quite exhaustive.

Please provide your thoughts on my other questions as well. Mainly trying to understand the difference between KMS Access Control and Key Access Control as documented in the link provided.

Thanks

Re: KMS Questions

New Contributor

The difference between KMS Access Control and Key Access Control is that Key Access Control can define a whitelist of operations for a certain key, whereas KMS Access Control has a whitelist or blacklist based on the operation in general, for all the keys.
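
A simplified model of how the four kinds of kms-acls.xml entries asked about in this thread combine, following the Hadoop KMS documentation linked above. This is an added example, not part of any post and not Hadoop's own code; the users, key names and ACL values are constructed, and group entries are left out.

```python
# Simplified model of the two ACL layers in Hadoop KMS (users only, no groups).
# Every ACL value below is constructed sample data, not a recommended policy.

KMS_ACL = {            # hadoop.kms.acl.<op-name>: who may call the operation at all
    "CREATE": {"admin"},
    "DECRYPT_EEK": {"*"},
}
KMS_BLACKLIST = {      # hadoop.kms.blacklist.<op-name>: denied even if listed above
    "DECRYPT_EEK": {"hdfs"},
}
KEY_ACL = {            # key.acl.<key-name>.<op-name>: ACL for one named key
    "finance": {"DECRYPT_EEK": {"alice"}},
}
DEFAULT_KEY_ACL = {    # default.key.acl.<op-name>: used for keys with no key.acl.* entry
    "DECRYPT_EEK": {"bob", "hdfs"},
}
WHITELIST_KEY_ACL = {  # whitelist.key.acl.<op-name>: granted on every key
    "MANAGEMENT": {"admin"},
}


def _listed(user, acl):
    """True if the user is named in the ACL or the ACL is the wildcard."""
    return acl is not None and ("*" in acl or user in acl)


def kms_allows(user, kms_op):
    """Layer 1, KMS Access Control: per operation, for all keys."""
    acl = KMS_ACL.get(kms_op, {"*"})  # an unset hadoop.kms.acl.<op> defaults to "*"
    return _listed(user, acl) and not _listed(user, KMS_BLACKLIST.get(kms_op))


def key_allows(user, key, key_op):
    """Layer 2, Key Access Control: per key, then the whitelist key ACL."""
    # The default key ACL is consulted only when the key has no ACL of its own.
    per_key = KEY_ACL.get(key, DEFAULT_KEY_ACL)
    return (_listed(user, per_key.get(key_op))
            or _listed(user, WHITELIST_KEY_ACL.get(key_op)))


def allowed(user, kms_op, key, key_op):
    """A request succeeds only if both layers allow it."""
    return kms_allows(user, kms_op) and key_allows(user, key, key_op)


if __name__ == "__main__":
    for user in ("alice", "bob", "hdfs"):
        print(user, allowed(user, "DECRYPT_EEK", "hr", "DECRYPT_EEK"))
```

The caller passes both the KMS operation and the key operation type it maps to, for example CREATE with MANAGEMENT, or DECRYPT_EEK with DECRYPT_EEK.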