Cloudera DataFlow security

As a security administrator, you need to understand the out-of-the-box security features as well as the tasks that you must perform to authorize Cloudera Public Cloud users.

Cloudera Public Cloud provides the following security features:
  • User authentication
  • Role-based user authorization
  • Data encryption
You must assign roles to Cloudera Public Cloud users based on their Cloudera DataFlow job responsibilities.

User authentication

Users are automatically authenticated through the Cloudera Public Cloud identity provider. For more information, see Cloudera Public Cloud Security Overview.

Role-based user authorization

Cloudera DataFlow roles allow you to set user permissions. Through these permissions, you can define the actions a user or group is allowed to perform, and you can also scope the resources they can perform those actions on.

For more information on the Cloudera DataFlow roles, see Cloudera DataFlow Authorization.

Data encryption

Cloudera Public Cloud encrypts data at rest and in motion.

Data at rest
When you import a flow definition, the flow definition is encrypted and stored in the Cloudera DataFlow Catalog. Cloudera DataFlow Catalog is a service that enables you to manage flow definitions centrally.
Data in transit
When you deploy a flow, the encrypted flow definition is transferred to your cloud account where it is decrypted and deployed. During a flow deployment, data can be transferred between servers, systems, applications, and users. Every transfer is a secure and trusted exchange through TLS. Through cryptographic protocols, TLS encrypts and authenticates:
  • The flow definition from the Cloudera DataFlow Catalog to a Cloudera DataFlow environment.
  • The connections from the user's browser to the Cloudera DataFlow service.
  • The communication between the Cloudera DataFlow service and other services in the Cloudera Public Cloud Control Plane.
  • The communication between the Cloudera Public Cloud Control Plane services and environment services.
  • The communication between the Cloudera DataFlow service, flows, and shared services within an environment.