What is Authorization (AuthZ)? Identity and Access Management in HDFS
A user authorization is defined through one of the below method:
Permission are disabled by default.
dfs.permissions.enabled If “true”, enable permission checking in HDFS. If “false”, permission checking is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories.
hdfs getconf -confKey dfs.permissions.enabled
false
dfs.permissions.superusergroup The name of the group of super-users. The value should be a single group name.
hdfs getconf -confKey dfs.permissions.superusergroup
hdfs
dfs.cluster.administrators ACL for the admins, this configuration is used to control which user can access the default servlets in the namenode, etc.
Value Syntax:
[user1,user2,...userN] [group1,group2,...groupN]
where:
Example: