This is the documentation for Cloudera Manager 5.1.x. Documentation for other versions is available at Cloudera Documentation.

Configuring Authorization in Cloudera Manager

Authorization is concerned with who or what has access or control over a given resource or service. Since Hadoop merges together the capabilities of multiple varied, and previously separate IT systems as an enterprise data hub that stores and works on all data within an organization, it requires multiple authorization controls with varying granularities.

In such cases, Hadoop management tools simplify setup and maintenance by:

Tying all users to groups, which can be specified in existing LDAP or AD directories.
Providing role-based access control for similar interaction methods, like batch and interactive SQL queries. For example, Apache Sentry permissions apply to Hive (HiveServer2) and Impala.

Cloudera Manager currently provides the following forms of access control:

Traditional POSIX-style permissions for directories and files, where each directory and file is assigned a single owner and group. Each assignment has a basic set of permissions available; file permissions are simply read, write, and execute, and directories have an additional permission to determine access to child directories.
Extended Access Control Lists that provide fine-grained control of permissions for HDFS files by allowing you to set different permissions for specific named users and/or named groups.
Role-based access control with Apache Sentry. As of Cloudera Manager 5.1.x, Sentry permissions can be configured using either policy files or the database-backed Sentry service.
- The Sentry service is the preferred way to set up Sentry permissions. See The Sentry Service for more information.
- For the policy file approach to configuring Sentry, see Sentry for Policy File-Based Hive Authorization.

Page generated September 3, 2015.