You can enable the Apache Ranger HDFS plugin to allow additional oversight of HDFS protocol authentication using either the
OneFS web administration interface or the command-line interface (CLI).
You can enable Apache Ranger on
PowerScale clusters and then check for new authorization policies, receive HDFS requests from clients, and apply authorization policies to the HDFS requests, which can be one of DENY, ALLOW, or UNDETERMINED. Enable the Apache Ranger HDFS plugin using the steps that are outlined in the
Hortonworks Security Guide.
Enabling the Apache Ranger plugin allows the authorization policies that are defined in the Ranger HDFS service instance, also called a repository, prior to Apache Ranger 0.6.0. The policies must first allow users or groups access to resources and then deny specific users or groups from access. If a user is not included in the allow list, they are denied access by default.
NOTE:A poorly formed policy can have an unintended impact, for example, blocking access.
The repository name is a setting within Apache Ranger. The minimum supported version of Apache Ranger is 0.6.0 because the Ranger DENY policy is supported only in 0.6.0 and later versions. In version 0.6.0, Apache Ranger changed the name of this feature to service instance. The service instance is the name of the HDFS service instance within the Apache Ranger Admin UI used as the repository name.
If you have a Kerberos-enabled cluster, follow the instructions in the
Hortonworks Security Guide to enable the Ranger HDFS plugin on the cluster.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\