Configuring KMS Access Control Lists (ACLs)

An Access Control List (ACL) is a list of specific permissions or controls that allow individual users, groups, hosts, or applications to perform specific actions on specific objects. The Hadoop KMS supports a range of ACLs that control access to encryption keys and key operations on a granular basis.

KMS ACLs indirectly impact data access by controlling key access, and are decoupled from HDFS file permissions and ACLs. KMS ACLs alone do not directly control data access. Instead, KMS ACLs control whether or not an authorized client can perform a specific operation on a named encryption key.
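
The fragment below is an added illustration, not taken from this documentation. It shows how key access can be separated from HDFS administration, and assumes a deployment that reads the Apache Hadoop KMS property names from kms-acls.xml. The key name, users, and groups are hypothetical.

```xml
<!-- kms-acls.xml (constructed example; finance_key, alice, finance_analysts
     and keyadmin are hypothetical names) -->
<configuration>

  <!-- KMS operation level: which callers may request DECRYPT_EEK at all.
       Value format is "users groups", each a comma-separated list; "*" means everyone. -->
  <property>
    <name>hadoop.kms.acl.DECRYPT_EEK</name>
    <value>*</value>
  </property>

  <!-- The blacklist is checked in addition to the ACL above. The HDFS superuser
       can still administer files and directories, but cannot ask the KMS to
       decrypt an encrypted data encryption key (EEK). -->
  <property>
    <name>hadoop.kms.blacklist.DECRYPT_EEK</name>
    <value>hdfs</value>
  </property>

  <!-- Key level: for the named key, only user alice and members of group
       finance_analysts may have EEKs decrypted. -->
  <property>
    <name>key.acl.finance_key.DECRYPT_EEK</name>
    <value>alice finance_analysts</value>
  </property>

  <!-- Key level: creating, deleting, and rolling this key is held by a
       separate key administrator, not by the data users above. -->
  <property>
    <name>key.acl.finance_key.MANAGEMENT</name>
    <value>keyadmin</value>
  </property>

</configuration>
```

With these entries, a user who has read permission on a file in an encryption zone through HDFS file permissions still cannot read its plaintext unless the key-level DECRYPT_EEK entry also admits them.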

While KMS ACLs play a primary role in controlling encryption key security, it is important to understand that they are not the only mechanism by which access is controlled. A user's role also factors into the level of access.

Proper configuration of KMS ACLs depends on a variety of variables such as workload, CDP components in use, and how your clusters are configured. This documentation does not take into consideration or describe these outside variables. For details about your specific component's ACL behavior and requirements, refer to the product documentation for the CDP components in your configuration.