- Notes, cautions, and warnings
- Introduction to this guide
- Overview of HDFS with OneFS
- Configuring OneFS with HDFS
- Activate the HDFS license
- Configuring the HDFS service
- HDFS service settings overview
- Enable or disable the HDFS service globally (Web UI)
- Enable or disable the HDFS service per-access zone (Web UI)
- Enable or disable the HDFS service globally (CLI)
- Enable or disable the HDFS service per-access zone (CLI)
- Configure HDFS service settings (Web UI)
- Configure HDFS service settings (CLI)
- View HDFS settings (Web UI)
- View HDFS settings (CLI)
- Modify HDFS log levels (CLI)
- View HDFS log levels (CLI)
- Set the HDFS root directory (Web UI)
- Set the HDFS root directory (CLI)
- Configuring HDFS authentication methods
- Creating a local Hadoop user
- Enabling the WebHDFS REST API
- Configuring secure impersonation
- Configuring virtual HDFS racks
- Configuring HDFS wire encryption
- Configuring HDFS transparent data encryption
- Additional resources
PowerScale OneFS HDFS Configuration Guide
Configuring secure impersonation
Secure impersonation enables you to create proxy users that can impersonate other users to run Hadoop jobs.
You might configure secure impersonation if you use applications, such as Apache Oozie, to automatically schedule, manage, and run Hadoop jobs. For example, you can create an Oozie proxy user that securely impersonates a user called HadoopAdmin, which allows the Oozie user to request that Hadoop jobs be performed by the HadoopAdmin user.
You configure proxy users for secure impersonation on a per–zone basis, and users or groups of users that you assign as members to the proxy user must be from the same access zone. A member can be one or more of the following identity types:
- User specified by user name or UID
- Group of users specified by group name or GID
- User, group, machine, or account specified by SID
- Well-known user specified by name
If the proxy user does not present valid credentials or if a proxy user member does not exist on the cluster, access is denied. The proxy user can only access files and sub-directories located in the HDFS root directory of the access zone. It is recommended that you limit the members that the proxy user can impersonate to users that have access only to the data the proxy user needs.
NOTE:Names cannot contain the following invalid characters:
" / \ [ ] : ; | = , + * ? < >
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\