Key Trustee KMS operations not supported by Ranger KMS

The following Key Trustee KMS operations are not supported by Ranger KMS.

  • hadoop.kms.acl.<OPERATION>

    The ACLs mentioned below are ignored by Ranger KMS because these ACLs are not migrated to the Ranger KMS policy.

    hadoop.kms.acl.CREATE
    hadoop.kms.acl.DELETE
    hadoop.kms.acl.ROLLOVER
    hadoop.kms.acl.GET
    hadoop.kms.acl.GET_KEYS
    hadoop.kms.acl.GET_METADATA
    hadoop.kms.acl.SET_KEY_MATERIAL
    hadoop.kms.acl.GENERATE_EEK
    hadoop.kms.acl.DECRYPT_EEK
  • keytrustee.kms.acl.<OPERATION>

    The ACLs mentioned below are Key Trustee-specific ACLs. These ACLs are ignored by Ranger KMS because they are not migrated to the Ranger KMS policy. Also, these ACLs are not supported by Hadoop KMS.

    keytrustee.kms.acl.UNDELETE
    keytrustee.kms.acl.PURGE