Hadoop Authorization
Applies to: Kyvos Enterprise Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace
Kyvos Azure Marketplace Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)
The Hadoop Authorization type can be None, Sentry, or Ranger.
Note
The Sentry option is available ONLY if Cloudera is selected as the Hadoop Vendor.
From Kyvos 2023.3 onwards, you can see the last performed Hadoop Authorization operation details, including progress status and start time, by clicking the i icon located next to the Revert button . To view more comprehensive details, simply click the View Details link, which will take you to the Operations page, where you can view the operation information in detail.
The following figure illustrates the Hadoop Authorization configuration.
Note
The figure shows the Hadoop Authorization configuration fields displayed for Sentry. Fields for Ranger and Sentry, both are described in the following sections.
Prerequisites for Sentry
If using Sentry, make the following configurations on the Cloudera Manager before proceeding.
Go to the HDFS service of Cloudera Manager and add the following properties and values in the Cluster-wide Advanced Configuration Snippet (Safety Valve) for core-site.xml
This is available if user impersonation is enabled in Kyvos using the following properties.hadoop.proxyuser.kyvos.hosts
hadoop.proxyuser.kyvos.groups
Go to Sentry service of Cloudera Manager and add kyvos in the service.allow.connect property.
On the navigation pane, click Security > Hadoop Authorization.
Enter details as:
Authorization Type | Parameter/Field | Comments/Description |
---|---|---|
SENTRY
| Sentry Source Node | To use the Hive Source Node, select the Same As Hive Node option. Else, select the Other Node option. |
Sentry Node Host Name | If you selected the Other Node option above, enter the DNS name or IP address of the Sentry Node. | |
Use different user account for accessing Sentry Node | Select the check box if you want to use a different user account (other than the login user) for accessing the Sentry node. If you select this option, you will be prompted to provide Username, Authentication Type, and Password/Shared Key for authentication. | |
Sentry Library Path | Provide the absolute path for the Sentry library file jar inclusion to enable Sentry in Kyvos Manager. Refer to the Appendix for the Hadoop library and configuration paths for Cloudera. | |
Sentry Configuration File | Upload the Sentry configuration file. | |
RANGER | Add Parameter | No additional configuration is required for this. NOTE: Kyvos does not support Column level security with Ranger, as Ranger does not provide the ability to integrate column-level security with a third party. The JDBC URL under HCatalog Parameters is mandatory for Ranger authorization while configuring the Hadoop ecosystem on the Kyvos Manager portal. |
Click the Validate button to validate the Sentry settings for user authentication and paths that connect to the Sentry node
Copyright Kyvos, Inc. All rights reserved.