Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Authorization

Ranger manages fine-grained access control through a rich user interface that ensures consistent policy administration across Hadoop data access components. Security administrators have the flexibility to define security policies for a database, table and column, or a file, and can administer permissions for specific LDAP-based groups or individual users. Rules based on dynamic conditions such as time or geolocation, can also be added to an existing policy rule. The Ranger authorization model is highly pluggable and can be easily extended to any data source using a service-based definition.

Administrators can use Ranger to define a centralized security policy for the following Hadoop components:

  • HDFS

  • YARN

  • Hive

  • HBase

  • Storm

  • Knox

  • Solr

  • Kafka

Ranger works with standard authorization APIs in each Hadoop component, and is able to enforce centrally administered policies for any method used to access the data lake.

Ranger Security Policy Definitions

Ranger provides administrators with deep visibility into the security administration process that is required for auditing purposes. The combination of Ranger’s rich user interface with deep audit visibility makes it highly intuitive to use, enhancing productivity for security administrators.

Ranger Security Policy Overview