Enable authorization for additional HDFS web UIs

You can enforce authorization for the following HDFS web UI servlets, which may contain sensitive data: /jmx, /stack, /conf, and /metrics. When you enforce authorization for the servlets, only the users listed in the dfs.cluster.administrators property can access them.

Cloudera Manager requires access to the /jmx and /metrics servlets and uses the HTTP user as well as the Service Monitor Kerberos Principal to access them. Make sure to add both users to dfs.cluster.administrators, as mentioned in Enable authorization for HDFS web UIs.
  1. In the Cloudera Manager Admin Console, go to Clusters > <HDFS service>.
  2. Navigate to the Configurations tab and search for the following property: HDFS Service Advanced Configuration Snippet (Safety Valve) for hdfs-site.xml.
  3. Add the hadoop.security.instrumentation.requires.admin property and set its value to true.
  4. Save the configuration.
  5. Restart all stale HDFS services.