To add a policy to a Knox repository, use the Knox Add Policy Form.
Knox Policy Creation Console
Complete the Knox Create Policy screen as follows:
Table 5.3. Knox Policy Labels
Label | Description |
---|---|
Enter Policy Name | Enter an appropriate policy name. This name cannot be duplicated across the system. |
Select Topology Name | A topology is a graph of computation. Each node in a topology contains processing logic, and links between nodes indicate how data should be passed around between nodes. Enter an appropriate topology name. |
Select Service Name | Binds a Hadoop service with an internal URL that the Knox gateway uses to proxy requests from external clients to the internal cluster services. Enter an appropriate service name. |
Audit Logging | Specify whether this policy is audited (de-select to disable auditing). |
Group Permissions | Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify the Admin permissions. Administrators can create child policies based on existing policies. |
User Permissions | Specify a particular user to which this policy applies (outside of an already-specified group) or designate a particular user as Admin for this policy. Administrators can create child policies based on existing policies. |
Enable/Disable | Policies are enabled by default. To restrict user or group access to the policy, select Disable. |
Wild cards can be included in the resource path, in the database name, the table name, or column name:
- `*` indicates zero or more occurrences of characters
- `?` indicates a single character
Since Knox does not provide a command line methodology for assigning privileges or roles to users, the User and Group Permissions portion of the Knox Create Policy form is especially important.
Table 5.4. Knox Permissions
Permission | Description |
---|---|
IP Address | The IP address from which the user logs in. |
Allow | Permits the user to access the topology that is specified in the topology name. |
Admin | Gives the user Admin privileges. |
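
The following added example (a simplified model, not Knox or Ranger code) shows how the `*` and `?` wildcards and the user, group, IP address and Enable/Disable fields combine when reviewing how broad a policy is. It assumes wildcards apply to the topology and service names, that an empty IP list means any address, and that a request matching no enabled policy is denied; the class, function and policy names are hypothetical.

```python
import re
from dataclasses import dataclass, field

def wildcard_to_regex(pattern):
    """Translate only the two wildcards above: * = zero or more chars, ? = one char."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    return re.compile("".join(parts), re.DOTALL)

def matches(pattern, value):
    return wildcard_to_regex(pattern).fullmatch(value) is not None

@dataclass
class KnoxPolicy:  # hypothetical model of the form fields
    name: str
    topology: str
    service: str
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)
    ip_addresses: set = field(default_factory=set)  # assumption: empty = any address
    enabled: bool = True

def is_allowed(policies, user, user_groups, ip, topology, service):
    """Return the name of the first enabled policy allowing the request, else None."""
    for p in policies:
        if not p.enabled:
            continue
        if not (matches(p.topology, topology) and matches(p.service, service)):
            continue
        if user not in p.users and not (p.groups & set(user_groups)):
            continue
        if p.ip_addresses and ip not in p.ip_addresses:
            continue
        return p.name
    return None  # assumption: no matching policy means access is denied

# Constructed sample policies for illustration
POLICIES = [
    KnoxPolicy("webhdfs-analysts", "prod?", "WEBHDFS", groups={"analysts"}),
    KnoxPolicy("ops-all", "*", "*", users={"opsadmin"}, ip_addresses={"10.0.0.5"}),
    KnoxPolicy("old-hive", "sandbox", "HIVE", users={"alice"}, enabled=False),
]
```

Note that `prod?` covers `prod1` but not `prod` or `prod12`, while a bare `*` in both fields covers every topology and service, so such a policy is bounded only by its user, group and IP address settings.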