10-27-2017 05:04 AM
We have gone through the Hadoop security document from Centrify and wanted to know if it suits our needs.
We would really appreciate it if you could help us with the questions below.
1) Can we control the HDFS file system and set up the ACL on user/group using Centrify?
2) Can we set up roles on Hive, HDFS and Impala using Centrify, like Apache Sentry?
* Role ex: Only select access on a Hive database, RW access on an HDFS directory.
10-27-2017 06:38 AM
The document online is probably a bit dated. We have an updated version based on the latest Cloudera/Centrify versions if you'd like.
Per your questions:
1) Centrify provides a PAM (authentication) module for Active Directory. Select users and groups can be enumerated by the operating system and HDFS will take the values from the OS. Nothing really changes on the Hadoop side other than where the account originates from.
2) Centrify also includes a role-based authorization platform called DirectAuthorize. This allows you to create policy for least privilege command elevation at the OS level. Sentry or Ranger would still be used to create role-based access to application layer data, though you'd now be able to utilize Active Directory groups enumerated through Centrify to grant access.
Hope that helps. If you have any more questions or would like to set up a call to discuss, just let us know.
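The split described in the answer, as an added example that is not part of the original thread or Centrify's documentation: the role is defined in Sentry and bound to an Active Directory group that the OS resolves through Centrify. The names `sales_db`, `sales_readonly` and `hadoop_sales_ro` are assumptions chosen for illustration.

```sql
-- Run in beeline or impala-shell as a Sentry admin.
-- Assumption: hadoop_sales_ro is an AD group already visible to the OS
-- on the cluster nodes (for example via `getent group hadoop_sales_ro`),
-- so Hadoop's group mapping returns it for the user.

-- 1. Define the role in Sentry (roles live in Sentry, not in AD).
CREATE ROLE sales_readonly;

-- 2. Least privilege: SELECT only, scoped to one database.
GRANT SELECT ON DATABASE sales_db TO ROLE sales_readonly;

-- 3. Bind the role to the AD group. Sentry grants roles to groups,
--    never to individual users, so membership is managed in AD.
GRANT ROLE sales_readonly TO GROUP hadoop_sales_ro;

-- 4. Verify what the group and the role actually carry.
SHOW ROLE GRANT GROUP hadoop_sales_ro;
SHOW GRANT ROLE sales_readonly;

-- RW access to an HDFS directory outside Hive is not a Sentry role:
-- it is an HDFS ACL on the same AD group, set from a shell with
--   hdfs dfs -setfacl -m group:<ad_group>:rwx <directory>
-- (requires dfs.namenode.acls.enabled=true on the NameNode).
```

Revoking access then means removing the user from the AD group; no change is needed in Sentry or HDFS.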