6. Knox Policy Creation

To add a policy to a Knox repository, use the Knox Add Policy Form.

Knox Policy Creation Console

Complete the Knox Create Policy screen as follows:


Table 5.3. Knox Policy Labels

Enter Policy NameEnter an appropriate policy name. This name cannot be duplicated across the system.
Select Topology NameA topology is a graph of computation. Each node in a topology contains processing logic, and links between nodes indicate how data should be passed around between nodes. Enter an appropriate topology name.
Select Service NameService Name: Binds a Hadoop service with an internal URL that the Knox gateway uses to proxy requests from external clients to the internal cluster services. Enter an appropriate Service Name.
Audit LoggingSpecify whether this policy is audited. (De-select to disable auditing).
Group PermissionsSpecify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify the Admin permissions. (Administrators can create child policies based on existing policies).
User PermissionsSpecify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies).
Enable/DisablePolicies are enabled by default. To restrict user or group access to the policy, select Disable.

Wild cards can be included in the resource path, in the database name, the table name, or column name:

  • * indicates zero or more occurrences of characters

  • ? indicates a single character

Since Knox does not provide a command line methodology for assigning privileges or roles to users, the User and Group Permissions portion of the Knox Create Policy form is especially important.


Table 5.4. Knox Permissions

IP AddressThe IP address from which the user logs in.
AllowPermits user to access topology that is specified in the topology name.
AdminGives the user Admin privileges.