Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Create a Storm Policy

To add a new policy to an existing Storm service:

  1. On the Service Manager page, select an existing service under Storm.

    service_name

    The List of Policies page appears.

    List of Policies page
  2. Click Add New Policy.

    Add New Policy button

    The Create Policy console appears.

    Storm Policy Creation Console
  3. Complete the Create Policy page as follows:

    Table 3.49. Policy Details

    Label

    Description

    Policy NameEnter an appropriate policy name. This name is cannot be duplicated across the system. This field is mandatory.
    Storm TopologyEnter an appropriate Topology Name.
    Description(Optional) Describe the purpose of the policy.
    Audit LoggingSpecify whether this policy is audited. (De-select to disable auditing).


    Table 3.50. User and Group Permissions

    Label

    Description

    Select Group Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify Admin permissions. (Administrators can create child policies based on existing policies).
    Select UserSpecify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies).
    PermissionsAdd or edit permissions: Read, Write, Create, Admin, Select/Deselect All.
    Delegate AdminWhen a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy).


    Since Storm does not provide a command line methodology for assigning privileges or roles to users, the User and Group Permissions portion of the Storm Create Policy form is especially important.

    Table 3.51. Knox User and Group Permissions

    ActionsDescription
    File uploadAllows a user to upload files.
    Get Nimbus ConfAllows a user to access Nimbus configurations.
    Get Cluster InfoAllows a user to get cluster information.
    File DownloadAllows a user to download files.
    Kill TopologyAllows a user to kill the topology.
    RebalanceAllows a user to rebalance topologies.
    ActivateAllows a user to activate a topology.
    DeactivateAllows a user to deactivate a topology.
    Get Topology ConfAllows a user to access a topology configuration.
    Get TopologyAllows a user to access a topology.
    Get User TopologyAllows a user to access a user topology.
    Get Topology InfoAllows a user to access topology information.
    Upload New CredentialAllows a user to upload a new credential.
    AdminProvides a user with delegated admin access.

    Wild cards can be included in the resource path, in the database name, the table name, or column name:

    • * indicates zero or more occurrences of characters

    • ? indicates a single character

  4. Click Add.

    the green Add button