Access Control and Governance

CDP One access control and governance is managed by a shared set of security services. You must have the Security Admin role in order to access the CDP One security services.

Ranger access control and auditing

Ranger manages access control through a user interface that ensures consistent policy administration across cluster services.

Security administrators can define security policies at the database, table, column, and file levels, and can administer permissions for groups or individual users. Rules based on dynamic conditions such as time or geolocation can also be added to an existing policy rule. Ranger security zones enable you to organize service resources into multiple security zones.

Ranger also provides a centralized framework for collecting access audit history and reporting data, including filtering on various parameters.

Atlas metadata management and governance

Atlas provides a set of metadata management and governance services that enable you to manage cluster assets.

  • Search and Proscriptive Lineage – facilitates pre-defined and ad hoc exploration of data and metadata, while maintaining a history of data sources and how specific data was generated.
  • Ranger plugin for metadata-driven data access control.
  • Flexible modeling of both business and operational data.
  • Data Classification – helps you understand the nature of the data within Hadoop and classify it based on external and internal sources.