Chapter 1. Security Introduction

Centralized security administration in a Hadoop environment has four aspects:

  • Authentication

    Effected by Kerberos in native Apache Hadoop, and secured by the Apache Knox Gateway via the HTTP/REST API. (For further information, see the Apache Knox Gateway Manager Guide.)

  • Authorization

    Fine-grained access control provides flexibility in defining policies...

    • on the folder and file level, via HDFS

    • on the database, table and column level, via Hive

    • on the table, column family and column level, via HBase

  • Audit

    Controls access into the system via extensive user access auditing in HDFS, Hive and HBase at...

    • IP address

    • Resource/resource type

    • Timestamp

    • Access granted or denied

  • Data Protection

    Provided by wire encryption, volume encryption and (via HDFS TDE and Hortonworks partners) file/column encryption

Ranger Security Administration