Versions Compared

Old Version 1

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version 2

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Applies to: Image Modified Kyvos Enterprise   Image Modified Kyvos Cloud    Image Modified Kyvos Azure Marketplace    Image Modified Kyvos Single Node Installation

Image Modified Kyvos Single Node Standard Installation    Image Modified Kyvos Free

The Hadoop Authorization type can be None, Sentry, or Ranger.

Info
titleInfo
  • The Sentry option is available ONLY if Cloudera is selected as the Hadoop Vendor.
  • From Kyvos 2023.3 onwards, you can see the last performed Hadoop Authorization operation details, including progress status and start time, by clicking the i icon located next to the Revert button To view more comprehensive details, simply click the  View Details link, which will take you to the  Operations  page, where you can view the operation information in detail. 

The following figure illustrates the Hadoop Authorization configuration.

...

  1. Go to the HDFS service of Cloudera Manager and add the following properties and values in the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
    This is available if user impersonation is enabled in Kyvos using the following properties.
    • hadoop.proxyuser.kyvos.hosts
    • hadoop.proxyuser.kyvos.groups
  2. Go to Sentry service of Cloudera Manager and add kyvos in the service.allow.connect property.

  3. On the navigation pane, click Security > Hadoop Authorization

  4. Enter details as: 

    Authorization Type

    Parameter/Field 

    Comments/Description 

    SENTRY





    Sentry Source Node

    To use the Hive Source Node, select the Same As Hive Node option. Else, select the Other Node option.

    Sentry Node Host Name

    If you selected the Other Node option above, enter the DNS name or IP address of the Sentry Node.

    Use different user account for accessing Sentry Node

    Select the check box if you want to use a different user account (other than the login user) for accessing the Sentry node. If you select this option, you will be prompted to provide Username, Authentication Type, and Password/Shared Key for authentication.

    Sentry Library Path

    Provide the absolute path for the Sentry library file jar inclusion to enable Sentry in Kyvos Manager.

    Refer to the  Appendix  for the Hadoop library and configuration paths for Cloudera.

    Sentry Configuration File

    Upload the Sentry configuration file. 

    RANGER

    Add Parameter

    No additional configuration is required for this.

    NOTE: Kyvos does not support Column level security with Ranger, as Ranger does not provide the ability to integrate column-level security with a third party.

    The JDBC URL under HCatalog Parameters is mandatory for Ranger authorization while configuring the Hadoop ecosystem on the Kyvos Manager portal.


  5. Click the Validate button to validate the Sentry settings for user authentication and paths that connect to the Sentry node