Chapter 1. Hadoop Security Features
Central security administration is provided through the the Apache Ranger console, which delivers a ‘single pane of glass’ for the security administrator. The console ensures consistent security policy coverage across the entire Hadoop stack.
Centralized security administration in a Hadoop environment has four aspects:
Authentication
Effected by Kerberos in native Apache Hadoop, and secured by the Apache Knox Gateway via the HTTP/REST API.
Authorization
Fine-grained access control provides flexibility in defining policies...
on the folder and file level, via HDFS
on the database, table and column level, via Hive
on the table, column family and column level, via HBase
Audit
Controls access into the system via extensive user access auditing in HDFS, Hive and HBase at...
IP address
Resource/resource type
Timestamp
Access granted or denied
Data Protection
Provided by wire encryption, volume encryption and (via HDFS TDE and Hortonworks partners) file/column encryption
Ranger security administration spans the four aspects of security:
This Security Guide focuses on the following topics:
Kerberos security
Wire encryption data protection
For information about configuring and using other aspects of HDP security, see:
Component installation documentation for your cluster (Ambari or non-Ambari)