Configure Atlas file-based authentication

How to manage Atlas user authentication when using user credentials from a file.

Atlas uses file-based authentication to allow a smooth installation experience: the installation process allows you to set an admin user who then has access to all Atlas operations. These steps describe two of the most likely tasks you would perform related to file-based authentication for Atlas:

Add to the list of authorized users for use in a non-production environment
Disable file-based authorization when you transition to a production-quality authentication method, such as Kerberos or Kerberos and a version of LDAP

To add to the users list

In Cloudera Manager, select the Atlas service, then open the Instances tab.
Note the Hostname where the Atlas service is running. You'll need to be able to SSH into that host to update the user list.
Open the Configuration tab.
Type "file" in the search box to filter the property list.
Find and update the user file.
- Look for the location of the users-credentials.properties file as set in the Path to Credentials for File-based Login property.
  The default directory location indicated by ATLAS_USER_CREDENTIALS_CONF_PATH is the Atlas configuration directory in the Cloudera Runtime installation location, typically
```
/opt/cloudera/parcels/CDH-version/etc/atlas/conf.dist
```
- SSH into the Atlas host to edit the users file to include additional users in the format:
```
username=group::sha256-password-hash
```
  where the username is the string used in the login page, the group is one of ADMIN, DATA_STEWARD, or DATA_SCIENTIST, and the password is encoded with the sha256 encoding method. To generate a sha256 encrypted password, use:
```
echo -n string | sha256sum
```
  The output includes the hash followed by a space and a hyphen (-); include only the hash in the users file.
Restart the Atlas service.

To disable file-based authentication

In Cloudera Manager, select the Atlas service, then open the Configuration tab.
To display the authentication settings, type "file" in the Search box.
To disable file-based authentication, uncheck the option Enable File Authentication.
Click Save Changes.
Restart the Atlas service.