- Notes, cautions, and warnings
- Introduction to this guide
- Overview of HDFS with OneFS
- Configuring OneFS with HDFS
- Activate the HDFS license
- Configuring the HDFS service
- HDFS service settings overview
- Enable or disable the HDFS service globally (Web UI)
- Enable or disable the HDFS service per-access zone (Web UI)
- Enable or disable the HDFS service globally (CLI)
- Enable or disable the HDFS service per-access zone (CLI)
- Configure HDFS service settings (Web UI)
- Configure HDFS service settings (CLI)
- View HDFS settings (Web UI)
- View HDFS settings (CLI)
- Modify HDFS log levels (CLI)
- View HDFS log levels (CLI)
- Set the HDFS root directory (Web UI)
- Set the HDFS root directory (CLI)
- Configuring HDFS authentication methods
- Creating a local Hadoop user
- Enabling the WebHDFS REST API
- Configuring secure impersonation
- Configuring virtual HDFS racks
- Configuring HDFS wire encryption
- Configuring HDFS transparent data encryption
- Additional resources
PowerScale OneFS HDFS Configuration Guide
Editing Apache Ranger HDFS plugin settings
You can enable the Apache Ranger HDFS plugin to allow additional oversight of HDFS protocol authentication using either the OneFS web administration interface or the command-line interface (CLI).
You can enable Apache Ranger on PowerScale clusters and then check for new authorization policies, receive HDFS requests from clients, and apply authorization policies to the HDFS requests, which can be one of DENY, ALLOW, or UNDETERMINED. Enable the Apache Ranger HDFS plugin using the steps that are outlined in the Hortonworks Security Guide.
Enabling the Apache Ranger plugin allows the authorization policies that are defined in the Ranger HDFS service instance, also called a repository, prior to Apache Ranger 0.6.0. The policies must first allow users or groups access to resources and then deny specific users or groups from access. If a user is not included in the allow list, they are denied access by default.
NOTE:A poorly formed policy can have an unintended impact, for example, blocking access.
The repository name is a setting within Apache Ranger. The minimum supported version of Apache Ranger is 0.6.0 because the Ranger DENY policy is supported only in 0.6.0 and later versions. In version 0.6.0, Apache Ranger changed the name of this feature to service instance. The service instance is the name of the HDFS service instance within the Apache Ranger Admin UI used as the repository name.
If you have a Kerberos-enabled cluster, follow the instructions in the Hortonworks Security Guide to enable the Ranger HDFS plugin on the cluster.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\