Cloudera Data Flow security
As a security administrator, understand the out-of-the box security features as well as the tasks that you need to perform to authorize Cloudera on cloud users.
Cloudera on cloud provides the following security features:
- User authentication
- Role-based user authorization
- Data encryption
User authentication
Users are automatically authenticated through the Cloudera on cloud identity provider. For more information, see Cloudera on cloud Security Overview.
Role-based user authorization
Cloudera Data Flow roles allow you to set user permissions. Through these permissions you can define actions a user or group is allowed to perform and you can also scope the resources a they can perform those actions on.
For more information on the Cloudera Data Flow roles, see Cloudera Data Flow authorization.
Data encryption
Cloudera on cloud encrypts data at rest and in motion.
- Data at rest
- When you import a flow definition, the flow definition is encrypted and stored in the Cloudera Data Flow Catalog. Cloudera Data Flow Catalog is a service that enables you to manage flow definitions centrally.
- Data in transit
- When you deploy a flow, the encrypted flow definition is transferred to your cloud account where it is decrypted and deployed. During a flow deployment, data can be transferred between servers, systems, applications, and users. Every transfer is a secure and trusted exchange through TLS. Through cryptographic protocols, TLS encrypts and authenticates:
