In Part 3, we discussed data governance. This tutorial focuses on the security category of the HDP architecture. Hortonworks divides security into Authentication, Audit, Authorization, and Data and application-level security, which are discussed here.
Let's understand how security plays an important role in the Hortonworks Hadoop environment.
- Authentication verifies access for external and internal users when they access the Hadoop cluster.
- Users can access the cluster using normal authentication as well as Kerberos.
- A single machine can manage access control over the network (LDAP).
- Audit supports analysis of the system and job workflow, such as which users ran which MapReduce jobs, and also covers auditing of Hive and HBase query transactions.
- Authorization controls what various users can access, such as particular data or files, and this is achieved using the Knox gateway in Hortonworks.
- Authorization is service-specific: a particular user is granted access permission for some services.
- Hortonworks HDP 2.2 supports data encryption using RPC or the data transfer protocol.
- YARN MapReduce uses resource-level access control.
- Hive supports a coarse-grained access control mechanism on Hive tables.
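As an added example (not part of the original tutorial), the following script checks a Hadoop configuration for the authentication, service-level authorization and RPC / data transfer encryption settings mentioned in the list above. The property names are standard Apache Hadoop keys; the sample configuration is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hardened value and stock Hadoop default for each setting; the default is
# what applies when a property is absent from the file.
EXPECTED = {
    "hadoop.security.authentication": ("kerberos", "simple"),
    "hadoop.security.authorization": ("true", "false"),
    "hadoop.rpc.protection": ("privacy", "authentication"),
    "dfs.encrypt.data.transfer": ("true", "false"),
}

# Constructed sample: merged core-site.xml / hdfs-site.xml content.
SAMPLE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
  <property><name>hadoop.rpc.protection</name><value>authentication</value></property>
  <property><name>dfs.encrypt.data.transfer</name><value> true </value></property>
</configuration>"""

def load_properties(xml_text):
    """Return {name: value} from Hadoop-style <configuration> XML."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit(xml_text):
    """Return sorted (property, effective_value, wanted_value) findings."""
    props = load_properties(xml_text)
    findings = []
    for name, (wanted, default) in EXPECTED.items():
        effective = props.get(name, default).lower()
        # hadoop.rpc.protection accepts a comma-separated list; a weaker
        # level in the list can be negotiated instead of privacy.
        values = {v.strip() for v in effective.split(",")}
        if values != {wanted}:
            findings.append((name, effective, wanted))
    return sorted(findings)

if __name__ == "__main__":
    for name, got, wanted in audit(SAMPLE):
        print(f"WEAK {name}: effective={got!r}, expected={wanted!r}")
```

On the sample, Kerberos and data transfer encryption pass, while the RPC protection level and the missing service-level authorization setting are reported.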
Storage level: HDFS
- HDFS uses "fine-grained authorization"
Resource: YARN
- YARN uses "resource-level access control"
Access Control: Hive
- Hive uses "coarse-grained access control"
Cluster: Ranger / Knox
- Ranger – Provides a central security policy and also manages fine-grained access control over Hadoop.
- Knox – Gateway between the Hortonworks cluster and the outside world.
- For example, it can enforce a rule such as: a user can only execute "abc" types of MapReduce jobs.
We will discuss the Hortonworks architecture further in Part 5.