Member since: 08-15-2016
Posts: 189
Kudos Received: 63
Solutions: 22

My Accepted Solutions
| Title | Views | Posted |
| --- | --- | --- |
| | 5684 | 01-02-2018 09:11 AM |
| | 3028 | 12-04-2017 11:37 AM |
| | 2155 | 10-03-2017 11:52 AM |
| | 21588 | 09-20-2017 09:35 PM |
| | 1620 | 09-12-2017 06:50 PM |
12-22-2016
09:38 AM
3 Kudos
I came to know that AD can be set up with multiple forests. A forest is AD lingo for a container at a level above the domains. This is not uncommon in large enterprise AD deployments (see: MS_Technet). So my question is: do any of the HDP stack security features (Knox and Ranger) support this multi-forest setup of AD (with the aim of syncing to, or logging on to, HDP from any one of those forests), and how?
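To make the goal concrete: the idea is that a logon test like the sketch below would succeed with an account from either forest. Everything in it is made up for illustration (gateway host, topology name 'default', account names); it is just the standard WebHDFS-through-Knox check.

```bash
# Hypothetical check: accounts from two different AD forests authenticating through one Knox topology
curl -ik -u 'jdoe@forest1.example.com:secret' \
  'https://knox.example.com:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS'
curl -ik -u 'asmith@forest2.example.com:secret' \
  'https://knox.example.com:8443/gateway/default/webhdfs/v1/?op=LISTSTATUS'
```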
Labels:
- Apache Ambari
- Apache Knox
- Apache Ranger
11-25-2016
01:54 PM
8 Kudos
@Manoj Dhake Hi, Atlas and Falcon serve very different purposes, but there are some areas where they touch, and maybe that is where your confusion comes from.

Atlas:
- Really like an 'atlas' to almost all of the metadata that is around in HDP: the Hive metastore, the Falcon repo, Kafka topics, HBase tables, etc. This single view on metadata enables some powerful searching capabilities on top of it, with full-text search (based on Solr).
- Since Atlas has this comprehensive view on metadata, it can also provide insight into lineage; by combining Hive DDLs it can tell which table was the source for another table.
- Another core feature is that you can assign tags to any metadata entity in Atlas. So you can say that column B in Hive table Y holds sensitive data by assigning a 'PII' tag to it. An HDFS folder or an HBase column family can also be assigned a 'PII' tag. From there you can create tag-based policies in Ranger to manage access to anything tagged 'PII' in Atlas.

Falcon:
- More like a scheduling and execution engine for HDP components like Hive, Spark, HDFS distcp and Sqoop, to move data around and/or process it along the way. In a way, Falcon is a much improved Oozie.
- Metadata of Falcon dataflows is actually synced to Atlas through Kafka topics, so Atlas knows about Falcon metadata too and can include Falcon processes and their resulting metadata objects (tables, HDFS folders, flows) in its lineage graphs.

I know that in the docs both tools claim the term 'data governance', but I feel Atlas is more about that than Falcon is. It is not that clear what data governance actually is. With Atlas you can really apply governance by collecting, querying and tagging all metadata, and Falcon can execute the processes that revolve around that by moving data from one place to another (and yes, Falcon moving a dataset from an analysis cluster to an archiving cluster is also about data governance/management). Hope that helps.
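As a small postscript, here is a rough sketch of the tagging part via the Atlas REST API, assuming a trait type named 'PII' has already been defined; the entity GUID is a placeholder and the sandbox host is just an example.

```bash
# Sketch: attach an existing 'PII' trait to an Atlas entity (GUID and host are placeholders)
curl -u admin:admin -X POST -H 'Content-Type: application/json' \
  --data-binary '{ "jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Struct", "typeName":"PII", "values":{} }' \
  'http://sandbox.hortonworks.com:21000/api/atlas/entities/<entity-guid>/traits/'
```

Once entities carry the tag, a single Ranger tag-based policy on 'PII' covers all of them at once.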
10-20-2016
09:28 PM
@Ana Gillan This approach works! I have done the HDFS and Hive services now. There is always something to wish for, it seems 🙂 For Hive, it turns out that the deny/allow conditions extension only appears on the "Access" tab of the Hive policies, not on the "Masking" and "Row Filter" tabs. Can this be done as well? Or is it on the roadmap?
10-20-2016
09:24 PM
@Ana Gillan No, it works now. It was an error in the JSON file that caused the 404.
10-19-2016
10:25 PM
@Sowmya Ramesh Is there a hook for that in the Falcon WebUI? Is it that TAG > Value thing, maybe?
10-19-2016
10:10 PM
Hi, I set up a Falcon HDFS mirror. Inserts and file updates in the Src are handled just fine; only deletions from the Src are not reflected in the Tgt. Is that a config thing, or is it just not supported?
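For reference, the behaviour I am after is what a plain distcp does when run with -update and -delete; I assume (but have not verified) that the Falcon mirror job runs distcp underneath without the -delete option. Namenodes and paths below are placeholders:

```bash
# Plain distcp that does propagate deletions: -delete removes files from the target that no longer exist in the source
hadoop distcp -update -delete hdfs://srcNN:8020/data/mirror hdfs://tgtNN:8020/data/mirror
```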
10-18-2016
09:05 PM
@Ayub Khan Does not work:

```bash
curl -u admin:admin -v -X POST -H 'Content-Type: application/json' \
  -H 'Accept-Language: en-US,en;q=0.8' \
  -H 'Accept: application/json, text/javascript, */*; q=0.01' \
  --data-binary '{ "jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_ Struct", "typeName":"CONF", "values":{ } }' \
  --compressed "http://sandbox.hortonworks.com:21000/api/atlas/entities/74dc66ee-1bdb-43da-8f6d-12580877a700/traits/"
```
Gives: {"error":"Do not know how to deserialize 'org.apache.atlas.typesystem.json.InstanceSerialization$_ Struct'","stackTrace":"org.json4s.package$MappingException: Do not know how to deserialize 'org.apache.atlas.typesystem.json.InstanceSerialization$_ Struct'\n\tat org.json4s.Extraction$ClassInstanceBuilder.org$json4s$Extraction$ClassInstanceBuilder$$mkWithTypeHint(Extraction.scala:506)
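The only thing that stands out to me is the space inside the jsonClass value ('...$_ Struct' instead of '...$_Struct'), which is exactly the string json4s says it cannot deserialize. A variant without the space would look like this (same sandbox host and GUID as above):

```bash
curl -u admin:admin -X POST -H 'Content-Type: application/json' \
  --data-binary '{ "jsonClass":"org.apache.atlas.typesystem.json.InstanceSerialization$_Struct", "typeName":"CONF", "values":{} }' \
  'http://sandbox.hortonworks.com:21000/api/atlas/entities/74dc66ee-1bdb-43da-8f6d-12580877a700/traits/'
```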
10-18-2016
10:37 AM
For the moment I will not use this exclude switch, because it does not behave as I (and my client) would expect; I will go for the Deny Conditions extension for the Hive service instead. The exclude switch is confusing in that it seems to swap an allow into a deny, but it doesn't: it only excludes the listed resources from the policy's scope.
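To illustrate the difference as I understand it, here is a rough sketch of the two constructs in the Ranger policy JSON via the public v2 REST API; the service name, database, user and host are placeholders, and the field names are given to the best of my knowledge.

```bash
# Resource exclude: still an ALLOW policy, it just applies to every database EXCEPT 'finance'
curl -u admin:admin -X POST -H 'Content-Type: application/json' \
  'http://ranger.example.com:6080/service/public/v2/api/policy' \
  --data '{
    "service": "cl1_hive",
    "name": "all-but-finance",
    "resources": {
      "database": { "values": ["finance"], "isExcludes": true },
      "table":    { "values": ["*"] },
      "column":   { "values": ["*"] }
    },
    "policyItems": [
      { "users": ["analyst1"], "accesses": [ { "type": "select", "isAllowed": true } ] }
    ]
  }'

# A real deny, by contrast, would go into "denyPolicyItems" of a policy whose
# resources match 'finance' itself, e.g.:
#   "denyPolicyItems": [ { "users": ["analyst1"], "accesses": [ { "type": "select" } ] } ]
```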