Security

Also available as:

PDF

Contents

loading table of contents...

Hortonworks DataFlow

Security

Copyright © 2012-2017 Hortonworks, Inc.

Except where otherwise noted, this document is licensed under Creative Commons Attribution ShareAlike 4.0 License

http://creativecommons.org/licenses/by-sa/4.0/legalcode

1. Enabling Kerberos

Installing and Configuring the KDC

Use an Existing MIT KDC
Use an Existing Active Directory
Use Manual Kerberos Setup
(Optional) Install a new MIT KDC

Installing the JCE

Install the JCE

Enabling Kerberos on Ambari

Cluster Component Configuration Updates

2. NiFi Authentication

Enabling SSL with a NiFi Certificate Authority
Enabling SSL with Existing Certificates
(Optional) Setting Up Identity Mapping
Generating Client Certificates
Logging into NiFi After Enabling SSL

3. SAM Authentication

Logging into SAM for the First Time
Logging In as a Different User

4. Installing Ranger

Ranger Installation Prerequisites

Setting up Databases for Ranger

Configuring MySQL for Ranger
Configuring PostgreSQL for Ranger
Configuring Oracle for Ranger

Installing Ranger

Start the Installation
Customize Services
Complete the Ranger Installation
Advanced Usersync Settings
Configuring Ranger for LDAP SSL
Setting up Database Users Without Sharing DBA Credentials
Updating Ranger Admin Passwords
Enabling Ranger Plugins

Adding Users to Ranger

5. Authorization with Ranger

Creating Policies for NiFi Access

Creating Policies to View NiFi
Allowing Users Read and Write Access

Create a Kafka Policy

Create a Storm Policy

6. NiFi Authorization

Authorizer Configuration

Authorizers.xml Setup

Initial Admin Identity (New NiFi Instance)
Legacy Authorized Users (NiFi Instance Upgrade)
Cluster Node Identities

Configuring Users & Access Policies

Creating Users and Groups
Access Policies
Access Policy Configuration Examples

7. SAM Authorization

Roles and Permissions

Creating Users and Assigning Them to Roles

Sharing Resources

Sharing an Environment

Sharing an Application

SAM Authorization Limitations

8. Deploying SAM Applications in a Secure Cluster

Connecting to a Secure Service that Supports Delegation Tokens

Connecting to Secure Kafka

Securing SAM – An End-to-End Workflow

Understanding the End-to-End Workflow

List of Tables

2.1. Identity mapping values
4.1. Ranger DB Host
4.2. Driver Class Name
4.3. Ranger DB Username Settings
4.4. JDBC Connect String
4.5. DBA Credential Settings
4.6. UNIX User Sync Properties
4.7. LDAP/AD Common Configs
4.8. LDAP/AD User Configs
4.9. LDAP/AD Group Configs
4.10. UNIX Authentication Settings
4.11. LDAP Authentication Settings
4.12. AD Settings
4.13. LDAP Advanced ranger-ugsync-site Settings
4.14. AD Advanced ranger-ugsync-site Settings
4.15. Advanced ranger-ugsync-site Settings for LDAP and AD
5.1. Policy Details
5.2. Allow Conditions
5.3. Policy Details
5.4. Allow Conditions
5.5. Storm User and Group Permissions
7.1. Role and Permission Matrix