Cloudera Docs » 3.1.1 » Security
Security
Also available as:
PDF
loading table of contents...

Contents

1. Enabling Kerberos
Installing and Configuring the KDC
Use an Existing MIT KDC
Use an Existing Active Directory
Use Manual Kerberos Setup
(Optional) Install a new MIT KDC
Installing the JCE
Install the JCE
Enabling Kerberos on Ambari
Cluster Component Configuration Updates
2. NiFi Authentication
Enabling SSL with a NiFi Certificate Authority
Enabling SSL with Existing Certificates
(Optional) Setting Up Identity Mapping
Generating Client Certificates
Logging into NiFi After Enabling SSL
3. Proxying NiFi with Apache Knox
Prerequisites
Installing NiFi on a New HDP Cluster
Installing NiFi on an Upgraded HDP Cluster
Configuring Knox for NiFi
Accessing NiFi Via Knox
4. SAM Authentication
Logging into SAM for the First Time
Logging In as a Different User
5. Installing Ranger
Ranger Installation Prerequisites
Setting up Databases for Ranger
Configuring MySQL for Ranger
Configuring PostgreSQL for Ranger
Configuring Oracle for Ranger
Installing Ranger
Start the Installation
Customize Services
Complete the Ranger Installation
Advanced Usersync Settings
Configuring Ranger for LDAP SSL
Setting up Database Users Without Sharing DBA Credentials
Updating Ranger Admin Passwords
Enabling Ranger Plugins
Configuring NiFi to Use Ranger for Managing Group Based Access Policies
Adding Users to Ranger
6. Authorization with Ranger
Creating Policies for NiFi Access
Creating Policies to View NiFi
Allowing Users Read and Write Access
Create a Kafka Policy
Create a Storm Policy
7. NiFi Authorization
Authorizer Configuration
Authorizers.xml Setup
Initial Admin Identity (New NiFi Instance)
Legacy Authorized Users (NiFi Instance Upgrade)
Cluster Node Identities
Configuring Users & Access Policies
Creating Users and Groups
Access Policies
Access Policy Configuration Examples
8. SAM Authorization
Roles and Permissions
Creating Users and Assigning Them to Roles
Sharing Resources
Sharing an Environment
Sharing an Application
SAM Authorization Limitations
9. Deploying SAM Applications in a Secure Cluster
Connecting to a Secure Service that Supports Delegation Tokens
Connecting to Secure Kafka
Securing SAM – An End-to-End Workflow
Understanding the End-to-End Workflow

List of Tables

2.1. Identity mapping values
5.1. Ranger DB Host
5.2. Driver Class Name
5.3. Ranger DB Username Settings
5.4. JDBC Connect String
5.5. DBA Credential Settings
5.6. UNIX User Sync Properties
5.7. LDAP/AD Common Configs
5.8. LDAP/AD User Configs
5.9. LDAP/AD Group Configs
5.10. UNIX Authentication Settings
5.11. LDAP Authentication Settings
5.12. AD Settings
5.13. LDAP Advanced ranger-ugsync-site Settings
5.14. AD Advanced ranger-ugsync-site Settings
5.15. Advanced ranger-ugsync-site Settings for LDAP and AD
6.1. Policy Details
6.2. Allow Conditions
6.3. Policy Details
6.4. Allow Conditions
6.5. Storm User and Group Permissions
8.1. Role and Permission Matrix
© 2012–2020, Cloudera, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Cloudera.com | Documentation | Support | Community