You can enforce authorization for the following HDFS web UIs: the NameNode, DataNode,
and JournalNode.
You must have Kerberos authentication for HTTP web consoles
and Hadoop Secure Authorization enabled. When both configurations are set, only the
hdfs user can access the HDFS web UIs by default. Any other user
who attempts to access the web UI will encounter an error because the user is not
authorized to access the page.
For users and groups other than hdfs
to access the web UIs, you must add them to hdfs-site.xml with an
HDFS Service Advanced Configuration Snippet (Safety
Valve).
In the Cloudera Manager Admin Console, go to Clusters > <HDFS service>.
Navigate to the Configurations tab and search for the
following property: HDFS Service Advanced
Configuration Snippet (Safety Valve) for hdfs-site.xml.
Add a value for the dfs.cluster.administrators property.
For example, a sample property might look like this:
Name:dfs.cluster.administrators
Value:hdfs,admin_user_milton,HTTP,hue,admin_group
For example, a sample property might look like this:
Name:dfs.cluster.administrators
Value:hdfs,admin_user_milton,HTTP,hue,admin_group
These values would allow the users hdfs,
admin_user_milton, HTTP, and
hue as well as the group admin_group
to the following web UIs: NameNode, DataNode, and JournalNode.
