Hortonworks Hadoop HDP 2.2 – Introduction Part 4

By | July 15, 2015


In Part 3,


We were discussed about Data GOVERNANCE, in this tutorial i will focus on security category available in HDP architecture, Hortonworks divided security category into Authentication, Audit , Authorization, Data and application level security that we are going to discuss here.

hdp 4

Let’s understand how security plays important role in Hortonworks Hadoop environment.



  • Authentication verifies the access for external and internal users while accessing hadoop cluster.
  • User can access cluster using normal authentication as well as using kerberos.
  • Single machine can manage access control over the network (LDAP)



  • To do some analysis about system and job workflow like map reduce jobs ran by which users and auditing about it also Hive, HBase query transaction audit and all.



  • Authorization provides the accessibility feature for various users like access on particular data or files and this is achieved using knox gateway in Hortonworks.
  • Authorization is service specific to that particular user granted with access permission for some services.


Data Security


  • Hortonworks HDP 2.2 supports data Encryption using RPC or Data transfer protocol.
  • YARN MapReduce uses resource level access control.
  • Hive supports coarse-grained access control mechanism on Hive tables.

Storage level : HDFS


  • HDFS uses “fine grained authorization”


Resource : YARN


  • YARN uses resource “level access control”


Access Control : Hive


  • Hive uses “coarse-grained access control”


Cluster : Ranger / Knox


  • Ranger – It provides central security policy and it also manages fine-grained access control over Hadoop
  • Knox – Gateway between Hortonworks cluster and outside world.
  • Example it can enable security like a user can only execute abc types of map reduce job


We will discuss further more on Hortonworks architecture

In Part 5

[spacer height=”20px”]


Leave a Reply

Your email address will not be published. Required fields are marked *