7. Storm Policy Creation

To add a policy to a Storm repository, use the Storm Create Policy Form.

Storm Policy Creation Console

| Label | Description |
|---|---|
| Enter Policy Name | Enter an appropriate policy name. This name cannot be duplicated across the system. |
| Select Service Name | Service Name: Binds a Hadoop service with an internal URL that the gateway uses to proxy requests from external clients to the internal cluster services. Enter an appropriate Service Name. |
| Audit Logging | Specify whether this policy is audited. (De-select to disable auditing). |
| Group Permissions | Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify Admin privileges. (Administrators can create child policies based on existing policies). |
| User Permissions | Specify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies). |
| Enable/Disable | Policies are enabled by default. To restrict user or group access to the policy, select Disable. |

Wild cards can be included in the resource path, in the database name, the table name, or column name:

  • * indicates zero or more occurrences of characters

  • ? indicates a single character

Since Storm does not provide a command line methodology for assigning privileges or roles to users, the User and Group Permissions portion of the Storm Create Policy form is especially important.

To assign user privileges or roles, complete the User and Group Permissions portion of the Storm Create Policy form.

 

Table 5.5. Knox User and Group Permissions

| Actions | Description |
|---|---|
| File Upload | Allows a user to upload files. |
| Get Nimbus Conf | Allows a user to access Nimbus configurations. |
| Get Cluster Info | Allows a user to get cluster information. |
| File Download | Allows a user to download files. |
| Kill Topology | Allows a user to kill the topology. |
| Rebalance | Allows a user to rebalance topologies. |
| Activate | Allows a user to activate a topology. |
| Deactivate | Allows a user to deactivate a topology. |
| Get Topology Conf | Allows a user to access a topology configuration. |
| Get Topology | Allows a user to access a topology. |
| Get User Topology | Allows a user to access a user topology. |
| Get Topology Info | Allows a user to access topology information. |
| Upload New Credential | Allows a user to upload a new credential. |
| Admin | Provides a user with delegated admin access. |