Versions Compared

Old Version 4

changes.mady.by.user Sarabjeet Kaur

Saved on

compared with

New Version Current

changes.mady.by.user Sarabjeet Kaur

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Applies to: Image Removed (tick) Kyvos Enterprise    Image Removed Kyvos Cloud    Image Removed Kyvos Azure Marketplace    Image Removed Kyvos Single Node Installation Image Removed Kyvos Single Node Standard Installation    Image Removed Kyvos Free (tick) Kyvos Cloud (SaaS on AWS) (tick) Kyvos AWS Marketplace

(error) Kyvos Azure Marketplace   (tick) Kyvos GCP Marketplace (error) Kyvos Single Node Installation (Kyvos SNI)

...

The Hadoop Authorization type can be None, Sentry, or Ranger.

Info
Info
title
Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

  • The Sentry option is available ONLY if Cloudera is selected as the Hadoop Vendor.

  • From Kyvos 2023.3 onwards, you can see the last performed Hadoop Authorization operation details, including progress status and start time, by clicking the iicon located next to the Revert button .

     To

     To view more comprehensive details, simply click

    the 

    the  View Details link, which will take you to

    the 

    the Operations

     

    page, where you can view the operation information in detail. 

The following figure illustrates the Hadoop Authorization configuration.

Image Removed

...

...

Panel
panelIconIdatlassian-note
panelIcon:note:
bgColor#DEEBFF

Note

The figure shows the Hadoop Authorization configuration fields displayed for Sentry. Fields for Ranger and Sentry, both are described in the following sections.

Prerequisites for Sentry

If using Sentry, make the following configurations on the Cloudera Manager before proceeding.

  1. Go to the HDFS service of Cloudera Manager and add the following properties and values in the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
    This is available if user impersonation is enabled in Kyvos using the following properties.

    • hadoop.proxyuser.kyvos.hosts

    • hadoop.proxyuser.kyvos.groups

  2. Go to Sentry service of Cloudera Manager and add kyvos in the service.allow.connect property.

  3. On the navigation pane, click Security > Hadoop Authorization

  4. Enter details as: 

Authorization Type

Parameter/Field 

Comments/Description 

SENTRY

Sentry Source Node

To use the Hive Source Node, select the Same As Hive Node option. Else, select the Other Node option.

Sentry Node Host Name

If you selected the Other Node option above, enter the DNS name or IP address of the Sentry Node.

Use different user account for accessing Sentry Node

Select the check box if you want to use a different user account (other than the login user) for accessing the Sentry node. If you select this option, you will be prompted to provide Username, Authentication Type, and Password/Shared Key for authentication.

Sentry Library Path

Provide the absolute path for the Sentry library file jar inclusion to enable Sentry in Kyvos Manager.

Refer to the

...

Appendix

...

for the Hadoop library and configuration paths for Cloudera.

Sentry Configuration File

Upload the Sentry configuration file. 

RANGER

Add Parameter

No additional configuration is required for this.

NOTE: Kyvos does not support Column level security with Ranger, as Ranger does not provide the ability to integrate column-level security with a third party.

The JDBC URL under HCatalog Parameters is mandatory for Ranger authorization while configuring the Hadoop ecosystem on the Kyvos Manager portal.

  1. Click the Validate button to validate the Sentry settings for user authentication and paths that connect to the Sentry node