Soumettre la recherche
Mettre en ligne
Apache Hadoop Security - Ranger
•
Télécharger en tant que PPTX, PDF
•
7 j'aime
•
2,874 vues
Isheeta Sanghi
Suivre
Slides on Apache Hadoop Security - Ranger
Lire moins
Lire la suite
Technologie
Signaler
Partager
Signaler
Partager
1 sur 25
Télécharger maintenant
Recommandé
Apache Ranger
Apache Ranger
Rommel Garcia
Securing Hadoop with Apache Ranger
Securing Hadoop with Apache Ranger
DataWorks Summit
Overview of new features in Apache Ranger
Overview of new features in Apache Ranger
DataWorks Summit
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
Security and Data Governance using Apache Ranger and Apache Atlas
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
Recommandé
Apache Ranger
Apache Ranger
Rommel Garcia
Securing Hadoop with Apache Ranger
Securing Hadoop with Apache Ranger
DataWorks Summit
Overview of new features in Apache Ranger
Overview of new features in Apache Ranger
DataWorks Summit
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
Hadoop Security Today & Tomorrow with Apache Knox
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
Security and Data Governance using Apache Ranger and Apache Atlas
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
Hadoop REST API Security with Apache Knox Gateway
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
Apache NiFi in the Hadoop Ecosystem
Apache NiFi in the Hadoop Ecosystem
DataWorks Summit/Hadoop Summit
Hadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
Hudi architecture, fundamentals and capabilities
Hudi architecture, fundamentals and capabilities
Nishith Agarwal
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Databricks
Building Lakehouses on Delta Lake with SQL Analytics Primer
Building Lakehouses on Delta Lake with SQL Analytics Primer
Databricks
Apache Sentry for Hadoop security
Apache Sentry for Hadoop security
bigdatagurus_meetup
Data Lakehouse Symposium | Day 4
Data Lakehouse Symposium | Day 4
Databricks
Tag based policies using Apache Atlas and Ranger
Tag based policies using Apache Atlas and Ranger
Vimal Sharma
A Thorough Comparison of Delta Lake, Iceberg and Hudi
A Thorough Comparison of Delta Lake, Iceberg and Hudi
Databricks
SQL Analytics Powering Telemetry Analysis at Comcast
SQL Analytics Powering Telemetry Analysis at Comcast
Databricks
Dataflow with Apache NiFi
Dataflow with Apache NiFi
DataWorks Summit/Hadoop Summit
Data platform modernization with Databricks.pptx
Data platform modernization with Databricks.pptx
CalvinSim10
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
DataWorks Summit/Hadoop Summit
Apache Atlas: Tracking dataset lineage across Hadoop components
Apache Atlas: Tracking dataset lineage across Hadoop components
DataWorks Summit/Hadoop Summit
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Cloudera, Inc.
Architect’s Open-Source Guide for a Data Mesh Architecture
Architect’s Open-Source Guide for a Data Mesh Architecture
Databricks
Intro to Delta Lake
Intro to Delta Lake
Databricks
Scaling your Data Pipelines with Apache Spark on Kubernetes
Scaling your Data Pipelines with Apache Spark on Kubernetes
Databricks
OpenShift Container Platform 4.12 Release Notes
OpenShift Container Platform 4.12 Release Notes
GerryJamisola1
Transparent Encryption in HDFS
Transparent Encryption in HDFS
DataWorks Summit
Hadoop security
Hadoop security
Shivaji Dutta
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
Contenu connexe
Tendances
Hadoop Security Architecture
Hadoop Security Architecture
Owen O'Malley
Hudi architecture, fundamentals and capabilities
Hudi architecture, fundamentals and capabilities
Nishith Agarwal
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Databricks
Building Lakehouses on Delta Lake with SQL Analytics Primer
Building Lakehouses on Delta Lake with SQL Analytics Primer
Databricks
Apache Sentry for Hadoop security
Apache Sentry for Hadoop security
bigdatagurus_meetup
Data Lakehouse Symposium | Day 4
Data Lakehouse Symposium | Day 4
Databricks
Tag based policies using Apache Atlas and Ranger
Tag based policies using Apache Atlas and Ranger
Vimal Sharma
A Thorough Comparison of Delta Lake, Iceberg and Hudi
A Thorough Comparison of Delta Lake, Iceberg and Hudi
Databricks
SQL Analytics Powering Telemetry Analysis at Comcast
SQL Analytics Powering Telemetry Analysis at Comcast
Databricks
Dataflow with Apache NiFi
Dataflow with Apache NiFi
DataWorks Summit/Hadoop Summit
Data platform modernization with Databricks.pptx
Data platform modernization with Databricks.pptx
CalvinSim10
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
DataWorks Summit/Hadoop Summit
Apache Atlas: Tracking dataset lineage across Hadoop components
Apache Atlas: Tracking dataset lineage across Hadoop components
DataWorks Summit/Hadoop Summit
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Cloudera, Inc.
Architect’s Open-Source Guide for a Data Mesh Architecture
Architect’s Open-Source Guide for a Data Mesh Architecture
Databricks
Intro to Delta Lake
Intro to Delta Lake
Databricks
Scaling your Data Pipelines with Apache Spark on Kubernetes
Scaling your Data Pipelines with Apache Spark on Kubernetes
Databricks
OpenShift Container Platform 4.12 Release Notes
OpenShift Container Platform 4.12 Release Notes
GerryJamisola1
Transparent Encryption in HDFS
Transparent Encryption in HDFS
DataWorks Summit
Tendances
(20)
Hadoop Security Architecture
Hadoop Security Architecture
Hudi architecture, fundamentals and capabilities
Hudi architecture, fundamentals and capabilities
Managing enterprise users in Hadoop ecosystem
Managing enterprise users in Hadoop ecosystem
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Running Apache Spark on Kubernetes: Best Practices and Pitfalls
Building Lakehouses on Delta Lake with SQL Analytics Primer
Building Lakehouses on Delta Lake with SQL Analytics Primer
Apache Sentry for Hadoop security
Apache Sentry for Hadoop security
Data Lakehouse Symposium | Day 4
Data Lakehouse Symposium | Day 4
Tag based policies using Apache Atlas and Ranger
Tag based policies using Apache Atlas and Ranger
A Thorough Comparison of Delta Lake, Iceberg and Hudi
A Thorough Comparison of Delta Lake, Iceberg and Hudi
SQL Analytics Powering Telemetry Analysis at Comcast
SQL Analytics Powering Telemetry Analysis at Comcast
Dataflow with Apache NiFi
Dataflow with Apache NiFi
Data platform modernization with Databricks.pptx
Data platform modernization with Databricks.pptx
File Format Benchmark - Avro, JSON, ORC & Parquet
File Format Benchmark - Avro, JSON, ORC & Parquet
Apache Atlas: Tracking dataset lineage across Hadoop components
Apache Atlas: Tracking dataset lineage across Hadoop components
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Hive, Impala, and Spark, Oh My: SQL-on-Hadoop in Cloudera 5.5
Architect’s Open-Source Guide for a Data Mesh Architecture
Architect’s Open-Source Guide for a Data Mesh Architecture
Intro to Delta Lake
Intro to Delta Lake
Scaling your Data Pipelines with Apache Spark on Kubernetes
Scaling your Data Pipelines with Apache Spark on Kubernetes
OpenShift Container Platform 4.12 Release Notes
OpenShift Container Platform 4.12 Release Notes
Transparent Encryption in HDFS
Transparent Encryption in HDFS
Similaire à Apache Hadoop Security - Ranger
Hadoop security
Hadoop security
Shivaji Dutta
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
huguk
Building a data-driven authorization framework
Building a data-driven authorization framework
DataWorks Summit
An Approach for Multi-Tenancy Through Apache Knox
An Approach for Multi-Tenancy Through Apache Knox
DataWorks Summit/Hadoop Summit
Dynamic Column Masking and Row-Level Filtering in HDP
Dynamic Column Masking and Row-Level Filtering in HDP
Hortonworks
Treat your enterprise data lake indigestion: Enterprise ready security and go...
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
Saving the elephant—now, not later
Saving the elephant—now, not later
DataWorks Summit
August 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?
DataWorks Summit/Hadoop Summit
Classification based security in Hadoop
Classification based security in Hadoop
Madhan Neethiraj
Curb your insecurity with HDP - Tips for a Secure Cluster
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks
Apache Atlas: Governance for your Data
Apache Atlas: Governance for your Data
DataWorks Summit/Hadoop Summit
TriHUG October: Apache Ranger
TriHUG October: Apache Ranger
trihug
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Seetharam Venkatesh
Enterprise Data Classification and Provenance
Enterprise Data Classification and Provenance
DataWorks Summit/Hadoop Summit
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
DataWorks Summit
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
DataWorks Summit
Improvements in Hadoop Security
Improvements in Hadoop Security
DataWorks Summit
Hdp security overview
Hdp security overview
Hortonworks
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
DataWorks Summit
Similaire à Apache Hadoop Security - Ranger
(20)
Hadoop security
Hadoop security
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Apache Argus - How do I secure my entire Hadoop cluster? Olivier Renault @ Ho...
Building a data-driven authorization framework
Building a data-driven authorization framework
An Approach for Multi-Tenancy Through Apache Knox
An Approach for Multi-Tenancy Through Apache Knox
Dynamic Column Masking and Row-Level Filtering in HDP
Dynamic Column Masking and Row-Level Filtering in HDP
Treat your enterprise data lake indigestion: Enterprise ready security and go...
Treat your enterprise data lake indigestion: Enterprise ready security and go...
Saving the elephant—now, not later
Saving the elephant—now, not later
August 2014 HUG : Comprehensive Security for Hadoop
August 2014 HUG : Comprehensive Security for Hadoop
Is your Enterprise Data lake Metadata Driven AND Secure?
Is your Enterprise Data lake Metadata Driven AND Secure?
Classification based security in Hadoop
Classification based security in Hadoop
Curb your insecurity with HDP - Tips for a Secure Cluster
Curb your insecurity with HDP - Tips for a Secure Cluster
Apache Atlas: Governance for your Data
Apache Atlas: Governance for your Data
TriHUG October: Apache Ranger
TriHUG October: Apache Ranger
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Data Governance in Apache Falcon - Hadoop Summit Brussels 2015
Enterprise Data Classification and Provenance
Enterprise Data Classification and Provenance
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Driving Enterprise Data Governance for Big Data Systems through Apache Falcon
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
Fortifying Multi-Cluster Hybrid Cloud Data Lakes using Apache Knox
Improvements in Hadoop Security
Improvements in Hadoop Security
Hdp security overview
Hdp security overview
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Bridle your Flying Islands and Castles in the Sky: Built-in Governance and Se...
Plus de Isheeta Sanghi
Apache NiFi- MiNiFi meetup Slides
Apache NiFi- MiNiFi meetup Slides
Isheeta Sanghi
Log Analytics Optimization
Log Analytics Optimization
Isheeta Sanghi
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Isheeta Sanghi
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Isheeta Sanghi
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Isheeta Sanghi
Beyond Messaging Enterprise Dataflow powered by Apache NiFi
Beyond Messaging Enterprise Dataflow powered by Apache NiFi
Isheeta Sanghi
Spark + Hadoop Perfect together
Spark + Hadoop Perfect together
Isheeta Sanghi
Plus de Isheeta Sanghi
(7)
Apache NiFi- MiNiFi meetup Slides
Apache NiFi- MiNiFi meetup Slides
Log Analytics Optimization
Log Analytics Optimization
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Integrating Apache NiFi and Apache Flink
Beyond Messaging Enterprise Dataflow powered by Apache NiFi
Beyond Messaging Enterprise Dataflow powered by Apache NiFi
Spark + Hadoop Perfect together
Spark + Hadoop Perfect together
Dernier
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
apidays
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Dropbox
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Martijn de Jong
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
MIND CTI
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
The Digital Insurer
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
The Digital Insurer
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Dernier
(20)
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Apache Hadoop Security - Ranger
1.
Page1 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Apache Hadoop Security: Ranger Sep 16, 2015 Madhan Neethiraj
2.
Page2 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Agenda Control access into system Flexibility in defining policies • Authorization & Auditing with Ranger • Centralized security administration for HDFS, Hive, HBase, Knox, Strom, YARN, Kafka, Solr, .. • Audit logs to Solr, HDFS, RDBMS, Log4j, .. • Extensible Architecture – custom conditions, context enrichers, easier addition of new components
3.
Page3 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Security in Hadoop Authentication Authenticate users and systems Apache Knox, Native Kerberos Authorization Provision access to data Apache Ranger Audit Maintain a record of data access Apache Ranger, Hadoop native audit Data Protection Protect data at rest and in motion HDFS encryption + Ranger KMS, Vendor solutions Administration Central management & consistent security Apache Ranger
4.
Page4 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Authorization and Auditing with Ranger HBase Ranger Administration Portal HDFS Hive Server2 Ranger Policy Store Ranger Audit Store Ranger Plugin Hadoop Components Enterpris e Users Log4j Knox Storm RDBMS YARN Kafka Solr HDFS Solr Ranger Plugin Ranger Plugin Ranger Plugin Ranger Plugin Ranger Plugin Ranger Plugin Ranger Plugin
5.
Page5 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Central Security Administration Apache Ranger • Delivers a ‘single pane of glass’ for the security administrator • Centralizes administration of security policy • Ensures consistent coverage across the entire Hadoop stack
6.
Page6 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Ranger Authorization Ranger Plugins authorize access to resources in following Hadoop components: Component Resources Access Types HDFS Files/Directories Read, Write, Execute Hive Databases, Tables, Columns Create, Alter, Drop, Select, Update, All HBase Tables, Column-Families, Columns Read, Write, Create, Admin Knox Topologies, Services Allow Storm Topologies Topology: submit/activate/deactivate/reblance/kill/get/get- info/get-user/get-conf, File: upload/download, Get Nimbus Conf YARN Queues Submit-application, Admin-queue Kafka Topics Publish, Consume, Configure, Describe, Admin Solr Collections Query, Update, Others, Admin
7.
Page7 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Ranger Auditing • Ranger plugins generate detailed audit logs for accesses to protected resources. Audit logs include details like: user, resource, type of access, time of access, client IP address, access-result, ID of the policy that allowed/denied the access • Audit logs to one or more destinations – Solr, HDFS, RDBMS, Log4j, ... • Interactive view of audit logs using Ranger Admin
8.
Page8 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Ranger Policy - Hive Allow Marketing group users ‘select’ access on few columns in customer_details table
9.
Page9 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Ranger Policy - HDFS Allow Marketing group users to access /demo/data/Customer* directories and files
10.
Page10 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Ranger Policy - Kafka Allow Marketing group users to access Marketing topic
11.
Page11 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensible Architecture
12.
Page12 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Ranger Stacks • Customers and partners can easily add Ranger authorization and auditing support for new components • Describe component details (like resource structure, access-types) in JSON and register with Ranger • Implement component authorizer to authorize resource accesses using Ranger policy engine • Ranger Admin provides UI for policy administration, based on component details in registered JSON
13.
Page13 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Ranger Stacks - example
14.
Page14 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Dynamic Policy Conditions • Provides ability to evaluate custom conditions to drive authorization decisions • Custom conditions can evaluate various data available in the request – like user, groups, resource, IP-address, context, etc. • Register custom conditions via component description JSON • Ranger Admin provides UI to specify condition values to be satisfied Allow accesses from 10.0.2.* IP addresses only!
15.
Page15 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Dynamic Policy Conditions - sample • Register the custom condition in the component description JSON: • Implement the custom condition and make it available to Ranger plugin: • Ranger Policy Engine will call the custom condition while evaluating policies
16.
Page16 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Context Enrichers • Provides ability to add context data to access requests • Context data added can be used by condition evaluators to drive authorization decisions • An example: from the client IP address in the request, a context enricher adds location data (like COUNTRY, STATE, CITY, AREA-CODE) to the request context. A custom condition can then restrict access depending upon the location data in the context. • Context enrichers should be specified in component description JSON
17.
Page17 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Context Enrichers - sample • Register the context enrichers in the component description JSON: • Implement the context enricher and make it available to Ranger plugin: • Ranger Policy Engine will call all registered context enrichers before evaluating policies
18.
Page18 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Extensibility: Context Enricher + Condition - sample • Implement a custom condition that verifies that the access is from specified countries only: • Register the custom condition in the component description JSON • On receiving authorization request, Ranger Policy Engine calls LocationDataProviderEnricher enricher, which adds location data to the request. • When evaluating policies, Ranger Policy Engine calls LocationCountryCondition, which allows accesses only from the countries specified in the policy
19.
Page19 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved In Development: allow/deny/exceptions in policies • Ability to explicitly deny access to resources • Ability to allow/deny access to a wider group, like employees/public, but specify exceptions to a subset, like part-time employees/vendors/ip- addresses, etc. • Policy evaluation order: • All deny-policies for the resource are evaluated first • If the request matches a deny-policy, and not its deny-exceptions, access will be denied • If the request is not denied by deny-policies, allow-policies will be evaluated • If the request matches an allow-policy, and not its allow-exceptions, access will be allowed • Development in tag-policy branch of Apache Ranger
20.
Page20 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Features under Development..
21.
Page21 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved In Development: allow/deny/exceptions in policies allow access to finance group and falcon user deny access from outside of Switzerland for everyone, except falcon user Policy to: - deny access from outside Switzerland to everyone, except falcon user - allow falcon user to access from anywhere - allow finance group users to access from Switzerland only
22.
Page22 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved In Development: tag-based policies • Ability authorize access based on tags associated with resources • A single tag-based policy, like for PII tag, to authorize access to resources across components – like HDFS, Hive, HBase, .. • Available to all components that use Ranger authorization • Similar policy structure as existing resource-based policies • API to integrate with tag providers – like Apache Atlas • Development in tag-policy branch of Apache Ranger
23.
Page23 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved In Development: tag-based policies Policy to authorize access to resources tagged as PII, in HDFS/Hive/HBase/Kafka/Solr, only to audit users
24.
Page24 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Apache Ranger: how to contribute? • Ranger Home Page - http://ranger.incubator.apache.org • Ranger Wiki - https://cwiki.apache.org/confluence/display/RANGER • Ranger JIRAs - https://issues.apache.org/jira/browse/RANGER • Project Mailing Lists • Users: user@ranger.incubator.apache.org • Developers: dev@ranger.incubator.apache.org • Commits: commits@ranger.incubator.apache.org
25.
Page25 © Hortonworks
Inc. 2011 – 2014. All Rights Reserved Q&A… Discussion
Notes de l'éditeur
4
Télécharger maintenant