Cloudera Community
slachterman
user rank
Guru

Re: Is NiFi Primary Node and Dataflow manager the ...

by Guru in Support Questions
‎11-10-2016 06:38 PM
1 Kudo
‎11-10-2016 06:38 PM
1 Kudo
I believe the NCM exposed the UI in previous versions (which is not necessarily the same as the primary node). ... View more

Re: Connecting to Hive via Knox from Tableau

by Guru in Community Articles
‎11-09-2016 08:07 PM
‎11-09-2016 08:07 PM
@Slim Jones please try using Thrift Transport mode option with HTTP and let us know if that works for you. ... View more

Re: How to query ambari internal variable?

by Guru in Support Questions
‎11-08-2016 02:28 PM
‎11-08-2016 02:28 PM
@Alejandro Fernandez does this work the same for Ranger 0.6.0 or is that specific to Ranger 0.4.0? ... View more

Re: Customizing Ranger Policies with Dynamic Conte...

by Guru in Community Articles
‎11-04-2016 09:05 PM
‎11-04-2016 09:05 PM
My pleasure, @Kate Shaw. Yes, that's right, you would specify org.apache.ranger.plugin.conditionevaluator.RangerTimeOfDayMatcher as the evaluator value within the policyConditions array as above (with evaluatorOptions empty in this case). Policy conditions are registered via the HTTP PUT call as above, with the full JSON document as the payload. ... View more

Re: Customizing Ranger Policies with Dynamic Conte...

by Guru in Community Articles
‎11-01-2016 05:43 PM
‎11-01-2016 05:43 PM
Hi @Kate Shaw, you bet. I edited the answer to include the details regarding the policy condition value, it is mapped to LOCATION_COUNTRY_CODE in this case. For Time of Day capabilities, you would register a policy condition using the RangerTimeOfDayMatcher evaluator. The time of day pattern value would look like, for example, "9 AM - 5 PM". ... View more

Re: Security from Windows to Hadoop

by Guru in Support Questions
‎10-31-2016 03:33 PM
‎10-31-2016 03:33 PM
You can use the Ranger API to create policies as well, so you could script the appropriate API calls given the right input data from your source OS. ... View more

Re: Security from Windows to Hadoop

by Guru in Support Questions
‎10-31-2016 02:42 PM
‎10-31-2016 02:42 PM
@Ahmad Debbas you can sync your AD identities to Ranger via LDAP user sync, as well as to the Linux OS using SSSD, and then create Ranger policies which mimic the permissions that you have in Windows. SSSD - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/sssd-ad-integration.html Ranger User Sync - https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.4/bk_Ranger_Install_Guide/content/ranger_user_sync_ldap_ad.html Ranger Policies - http://hortonworks.com/hadoop-tutorial/manage-security-policy-hive-hbase-knox-ranger/ ... View more

Re: Install NiFi on HDP 2.5?

by Guru in Support Questions
‎10-27-2016 05:56 PM
‎10-27-2016 05:56 PM
You can choose to use the Ambari wizard to install the Ambari agents on all nodes (via passwordless SSH). Otherwise, you can install ambari-agent manually on each node. There are pre-requisites you'll need to ensure you have taken care of, as noted in the docs linked by @Geoffrey Shelton Okot, including openssl, ntp, curl, etc. Please the System Requirements and Prepare the Environment sections in http://docs.hortonworks.com/HDPDocuments/HDF2/HDF-2.0.1/bk_ambari-installation/content/ch_getting_ready.html. ... View more

Re: Install NiFi on HDP 2.5?

by Guru in Support Questions
‎10-27-2016 05:45 PM
2 Kudos
‎10-27-2016 05:45 PM
2 Kudos
Hi @Roger Young, yes, you do need to add nodes to your HDF cluster before assigning components. Please note that NiFi is part of the HDF stack, not HDP, and is managed by a separate Ambari instance. ... View more

How to Create a Ranger Policy that Prohibits Combi...

by Guru in Community Articles
‎10-26-2016 11:05 PM
7 Kudos
‎10-26-2016 11:05 PM
7 Kudos
Our scenario for this walkthrough is as follows: we have a customer table that contains fields for Zip Code, MRN, and Blood Type. Per policy, users in the analyst group cannot access MRN and Blood Type together with Zip Code within the same query, as this would deanonymize sensitive Personal Health Information. In order to make use of Ranger functionality to achieve this, we'll need to register a new policy condition using the Ranger API. Please see my HCC post on this topic for further details. In this case, the policy condition will have the following form (please note itemId value is specific to one's environment) within the policyConditions array contained in the /servicedef/name/hive resource: { "itemId": 1, "name": "resources-accessed-together", "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerHiveResourcesAccessedTogetherCondition", "evaluatorOptions": {}, "label": "Resources Accessed Together?", "description": "Resources Accessed Together?" } The RangerHiveResourcesAccessedTogetherCondition evaluator is included with Ranger. Once this condition is registered using the Ranger API, we can make use of it within a Deny condition for a resource-based policy in Ranger. The policy will be associated with the zipcode field in our ww_customer table. We then need to associate the Blood Type and MRN fields with the resources-accessed-together policy condition we registered above as Deny conditions. Now when joe_analyst, a user in the analyst group, attempts to access these combined fields, they will be denied: Please note that joe_analyst can query, say, Zip Code and Blood Type together, as no patient identifier like MRN is in play: ... View more
Contact Me
Online
Offline
Last Visited
‎05-03-2018 08:43 PM
Community Statistics
Member Since ‎06-20-2016 02:58 PM
Last Visited ‎05-03-2018 08:43 PM
Posts 251
Kudos received 196