Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Working demo of enabling service level authorisation for HDP hadoop

Working demo of enabling service level authorisation for HDP hadoop

Expert Contributor

Can anyone help me with working demo of enabling service level authorisation as mentioned here?

I am unable to make it work on HDP 2.3.4.0 with Ambari 2.2.0.

I can run yarn jobs from any user irrespective of the acl setting(security.job.client.protocol.acl).

However, ranger plugin policies are working fine.

I tried this with and without enabling ranger plugin but it is not working in both the cases.

In case of apache hadoop service level authorisation is working fine as per the above document.

2 REPLIES 2

Re: Working demo of enabling service level authorisation for HDP hadoop

Contributor

Hi @Rahul Pathak

only some check:

  1. Did you set hadoop.security.authorization to true in core-site.xml using Ambari?
  2. Can you post the value of the property security.job.client.protocol.acl?
  3. Did you configure property security.client.protocol.acl?
  4. After setting the properties and restarting all the service thru Ambari did you check the core-site.xml and hadoop-policy.xml manually in order to verify the values?

I'll wait your answer.

Re: Working demo of enabling service level authorisation for HDP hadoop

Expert Contributor

@Andrea D'Orio

Thanks for checking.

Apologies for late response as I got busy with something.

Here are the details which you have requested.

  1. Did you set hadoop.security.authorization to true in core-site.xml using Ambari?
    1. Yes I did that using Ambari.
  2. Can you post the value of the property security.job.client.protocol.acl?
    1. Please find the details in the screenshot below. It was set to * in ambari.4127-service-level-auth.png
  3. Did you configure property security.client.protocol.acl?
    1. It was already configured to * in ambari. Please refer to screenshot above.
  4. After setting the properties and restarting all the service thru Ambari did you check the core-site.xml and hadoop-policy.xml manually in order to verify the values?
    1. Yes above screenshot is taken after stopping and starting all the services from ambari.