Hadoop Security Guide
Also available as:
loading table of contents...

Chapter 1. Hadoop Security Features

Central security administration is provided through the the Apache Ranger console, which delivers a ‘single pane of glass’ for the security administrator. The console ensures consistent security policy coverage across the entire Hadoop stack.

Centralized security administration in a Hadoop environment has four aspects:

  • Authentication

    Effected by Kerberos in native Apache Hadoop, and secured by the Apache Knox Gateway via the HTTP/REST API.

  • Authorization

    Fine-grained access control provides flexibility in defining policies...

    • on the folder and file level, via HDFS

    • on the database, table and column level, via Hive

    • on the table, column family and column level, via HBase

  • Audit

    Controls access into the system via extensive user access auditing in HDFS, Hive and HBase at...

    • IP address

    • Resource/resource type

    • Timestamp

    • Access granted or denied

  • Data Protection

    Provided by wire encryption, volume encryption and (via HDFS TDE and Hortonworks partners) file/column encryption

Ranger security administration spans the four aspects of security:

This Security Guide focuses on the following topics:

  • Kerberos security

  • Wire encryption data protection

For information about configuring and using other aspects of HDP security, see: