KMS ACLs and Roles

Cloudera's framework for key management enforces a secure-by-default configuration, built on the KMS ACLs and roles described here.

Key Administrators

The sole purpose of a Key Administrator is to create and manage keys. This user is whitelisted in a number of areas so that they can handle defined and undefined keys within the context of the KMS.

Allowed To:

  • Create and manage encryption zone keys
  • Add, update, or otherwise modify ACLs that protect all encryption zone keys

HDFS Superusers

Responsible for HDFS administration, HDFS Superusers are not granted rights to decrypt data within encryption zones. Rather, they are authorized to only create zones and attach keys to those zones for the data sets that they manage. HDFS Superusers are usually also HDFS Superusers.

Allowed To:

  • Create encryption zones

Not Allowed To:

  • Manage, create, or read keys
  • Add, update, or otherwise modify ACLs that protect all keys
  • Decrypt EEKs

HDFS Service User

There is only one HDFS Service User; this is the user the HDFS service runs as within the Hadoop framework. HDFS Service Users are granted special permissions to generate keys (EEKs) that populate per encryption zone key caches.

Allowed To:

  • Generate keys that are made available for use through the per encryption zone key caches

End Users

Producers and consumers of data who store or retrieve information within specific encryption zones.

Allowed To:

  • Read and write in encrypted data spaces
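
The following check is an added example, not Cloudera's own code: it audits a kms-acls.xml file against two of the role rules above, that HDFS Superusers are blacklisted from key management and from decrypting EEKs, and that EEK generation is limited to the HDFS Service User. The sample file content, the names hdfs, supergroup and etl, and the mapping of the role rules onto Hadoop KMS operation names are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Hadoop KMS operations taken here to cover "manage, create, or read keys" and
# "decrypt EEKs" for HDFS Superusers (this mapping is an assumption of the example).
SUPERUSER_DENIED = ["CREATE", "DELETE", "ROLLOVER", "GET", "GET_KEYS",
                    "SET_KEY_MATERIAL", "DECRYPT_EEK"]

# Constructed kms-acls.xml content; the user and group names are sample values.
SAMPLE_ACLS = """<configuration>
<property><name>hadoop.kms.acl.GENERATE_EEK</name><value>hdfs,etl</value></property>
<property><name>hadoop.kms.blacklist.CREATE</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.DELETE</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.ROLLOVER</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.GET</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.GET_KEYS</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.SET_KEY_MATERIAL</name><value>hdfs supergroup</value></property>
<property><name>hadoop.kms.blacklist.DECRYPT_EEK</name><value>hdfs</value></property>
</configuration>"""


def parse_acl(value):
    """Split a Hadoop ACL string 'user1,user2 group1,group2'; '*' matches everyone."""
    if value.strip() == "*":
        return {"*"}, {"*"}
    users, _, groups = value.partition(" ")
    return set(filter(None, users.split(","))), set(filter(None, groups.split(",")))


def audit(xml_text, superuser="hdfs", supergroup="supergroup", service_user="hdfs"):
    """Return findings where the ACL file departs from the role separation above."""
    acls = {p.findtext("name"): p.findtext("value") or ""
            for p in ET.fromstring(xml_text).iter("property")}
    findings = []
    for op in SUPERUSER_DENIED:
        name = f"hadoop.kms.blacklist.{op}"
        users, groups = parse_acl(acls.get(name, ""))
        if not users & {superuser, "*"} or not groups & {supergroup, "*"}:
            findings.append(f"{name}: HDFS superuser user/group not both blacklisted")
    # An unset operation ACL is treated by this check as '*' (open to everyone).
    users, groups = parse_acl(acls.get("hadoop.kms.acl.GENERATE_EEK", "*"))
    if users != {service_user} or groups:
        findings.append("hadoop.kms.acl.GENERATE_EEK: not limited to the HDFS service user")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ACLS):
        print(finding)
```

On the constructed sample, the check reports the DECRYPT_EEK blacklist (the superuser group is missing) and the GENERATE_EEK ACL (a second user is listed).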