Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

RWX permissions in Apache Knox

Highlighted

RWX permissions in Apache Knox

New Contributor

Hi,

When you define a Knox policy in Ranger, you can specify Read/Wirte/Create/Administration permissions for a particular service exposed thourgh a REST API. See for example:

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.5/bk_security/content/knox_policy.html

What is the precise meaneaning of these RWX permissions? They make me think to some kind of ACL, but no detailed description is provided in the documentation.

For example: if the policy specifies that a particular group do not have Write permission for a given exposed service, and the execution of the service attempts to write some HDFS file of the cluster, shall Knox make the invocation of the REST API to fail?

Many thanks in advance.

Regards,

Eduardo Giménez.

1 REPLY 1

Re: RWX permissions in Apache Knox

New Contributor

@Eduardo Giménez,

Setting RWX permissions using Ranger has the same effect as setting File System Level Security, if you will not have write permissions the File System Will not allow you to Write your request. the working would be that you fire the request, and HDFS will verify your credentials, and send beck the result Knox will provide the credentials with the request as where HDFS will use Ranger to enforce Security.