Presto and Ranger


We have a Kerberized Hadoop cluster with Ranger enabled. If we want to try out Presto, does there need to be a service created in Ranger for Presto? Is there a plugin available for Presto to work with Ranger?

Or

Presto uses HDFS/Hive services which are already plugged in Ranger?

Let me know.

1 ACCEPTED SOLUTION

Re: Presto and Ranger

@Bhanu Pittampally

At present, Presto is not supported with Ranger. You can control the HDFS and Hive services via Ranger to enable Presto to access those resources, but there won't be any control for Presto security mechanisms.

Currently, the supported components in Ranger (0.5) are HDFS, YARN, Hive, HBase, Kafka, Storm, Knox, and Solr.

Re: Presto and Ranger

Hello @emaxwell, thanks for the quick response. My question now is, how is Presto allowed to access HDFS and Hive with Ranger standing between them? My understanding with Ranger is that it is kind of a gatekeeper and you need to have a service to go through it. Can you help me here or direct me to a document which I can read?

Another question: what about Presto auditing? Will Ranger show audit logs related to Presto?

Re: Presto and Ranger

@Bhanu Pittampally

The components that are supported by Ranger have plugins that the components use to verify authorization. For example, if Presto wants to read from HDFS, it will contact the NameNode. The NameNode will use the HDFS Ranger plugin to check the authorization for the presto user on the files trying to be accessed.

Re: Presto and Ranger

@Bhanu Pittampally Ranger doesn't have a plugin for Presto, so audits related to Presto won't be there in Ranger auditing. Regarding the question of how Presto is allowed to access HDFS and Hive, there might be global policies defined in Ranger allowing it to happen, if the Ranger HDFS and Hive plugins are enabled in your environment. Do you see audit logs in the Ranger audit for HDFS when you do an HDFS operation via Presto? Check which user is getting authorized. This also happens only when you have the Ranger HDFS plugin enabled and auditing is done for the resource. The same goes for Hive.
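The audit check suggested in the reply above, as an added example that is not part of the original thread: it reads Ranger HDFS audit events, one JSON object per line, and reports which enforcer and policy id allowed or denied requests made by the Presto service account. The `summarize` helper, the account name `presto`, the repo name, paths and policy ids are assumptions, and the sample events are constructed.

```python
import json
from collections import defaultdict

# Constructed sample events (not real cluster data). Field names follow the JSON
# layout Ranger plugins use for audit events; the repo name, paths and policy ids
# are made up. result: 1 = allowed, 0 = denied.
SAMPLE_AUDIT = """\
{"repoType":1,"repo":"cl1_hadoop","reqUser":"presto","access":"READ","resource":"/apps/hive/warehouse/sales/part-0","result":1,"policy":7,"enforcer":"ranger-acl"}
{"repoType":1,"repo":"cl1_hadoop","reqUser":"presto","access":"READ","resource":"/tmp/scratch/x","result":1,"policy":-1,"enforcer":"hadoop-acl"}
{"repoType":1,"repo":"cl1_hadoop","reqUser":"presto","access":"WRITE","resource":"/apps/hive/warehouse/hr/part-0","result":0,"policy":-1,"enforcer":"ranger-acl"}
{"repoType":1,"repo":"cl1_hadoop","reqUser":"alice","access":"READ","resource":"/user/alice/notes","result":1,"policy":3,"enforcer":"ranger-acl"}
truncated line {"repoType":1,
"""


def summarize(lines, service_user="presto"):
    """Group one account's audit events by the enforcer/policy that decided them."""
    allowed = defaultdict(set)   # (enforcer, policy id) -> resources granted
    denied = []                  # (access type, resource) pairs that were refused
    skipped = 0                  # lines that were not valid JSON
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            skipped += 1
            continue
        if not isinstance(event, dict) or event.get("reqUser") != service_user:
            continue
        if event.get("result") == 1:
            allowed[(event.get("enforcer"), event.get("policy"))].add(event.get("resource"))
        else:
            denied.append((event.get("access"), event.get("resource")))
    return {"allowed": {k: sorted(v) for k, v in allowed.items()},
            "denied": denied, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(SAMPLE_AUDIT.splitlines())
    for (enforcer, policy), paths in report["allowed"].items():
        print(f"allowed by {enforcer} policy {policy}: {paths}")
    for access, path in report["denied"]:
        print(f"DENIED {access} {path}")
    print(f"unparseable lines skipped: {report['skipped']}")
```

The policy id on each allowed event identifies the Ranger policy that granted the Presto account access, which is the place to start when reviewing how broad that grant is.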

Re: Presto and Ranger

@Ramesh Mani: Thanks for jumping in. I have not installed Presto yet; I am preparing for it and trying to get answers to my questions. So in order for a user to work through Presto to access HDFS/Hive, should some global policies be created? Am I understanding it correctly?

This question might be related to my first one: if a user has access to HDFS/Hive (enabled through Ranger), can they simply use Presto as an access tool and access the data?

Re: Presto and Ranger

I think @emaxwell already answered my other question.

Q: If a user has access to HDFS/Hive (enabled through Ranger), can they simply use Presto as an access tool and access the data?

Answer: You can control the HDFS and Hive services via Ranger to enable Presto to access those resources,
