About
What is Authorization (AuthZ)? Identity and Access Management in HDFS
Method
User authorization is defined through one of the following methods:
- POSIX style permissions/HDFS ACLs
- Apache Knox (Authentication Services)
Permissions are disabled by default.
Management
Enable
dfs.permissions.enabled: If “true”, enable permission checking in HDFS. If “false”, permission checking is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories.
hdfs getconf -confKey dfs.permissions.enabled
false
Admin
Group
dfs.permissions.superusergroup: The name of the group of super-users. The value should be a single group name.
hdfs getconf -confKey dfs.permissions.superusergroup
hdfs
Users
dfs.cluster.administrators: ACL for the admins. This configuration is used to control which users can access the default servlets in the namenode, etc.
Value Syntax:
- The value should be a comma-separated list of users and groups.
[user1,user2,...userN] [group1,group2,...groupN]
where:
- The user list comes first
- The user and group list are separated by a space
- Users and groups are optional
- * grants access to all users and groups, e.g. "*", "* " and " *" are all valid.
Example:
- "user1,user2 group1,group2"
- "user1", " group1", "", "user1 group1" and "user1,user2 group1,group2" are all valid (note the leading space in " group1")
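The value syntax above, as an added example (not code from the original page or from Hadoop): a small Python parser that shows how each valid form splits into users and groups, plus a check that flags disabled permission checking and a wildcard admin ACL. The function names and the sample configuration are assumptions made for illustration.

```python
# Added example: not Hadoop's parser; follows the value syntax described above.

def parse_admin_acl(value):
    """Split an ACL string into (all_allowed, users, groups)."""
    if value.strip() == "*":            # "*", "* " and " *" all mean everyone
        return True, set(), set()
    # The user list comes first; the first space starts the group list.
    parts = value.split(" ", 1)
    users = {u.strip() for u in parts[0].split(",") if u.strip()}
    groups = set()
    if len(parts) == 2:
        groups = {g.strip() for g in parts[1].split(",") if g.strip()}
    return False, users, groups


def is_admin(value, user, user_groups=()):
    """True if `user` (member of `user_groups`) is matched by the ACL."""
    all_allowed, users, groups = parse_admin_acl(value)
    return all_allowed or user in users or bool(groups & set(user_groups))


def audit(conf):
    """Flag the settings from this page that widen access.

    `conf` maps a key to the value printed by `hdfs getconf -confKey <key>`.
    """
    findings = []
    if conf.get("dfs.permissions.enabled", "").strip().lower() == "false":
        findings.append("dfs.permissions.enabled=false: permission checking is off")
    acl = conf.get("dfs.cluster.administrators")
    if acl is not None and parse_admin_acl(acl)[0]:
        findings.append("dfs.cluster.administrators: '*' grants access to all users and groups")
    return findings


# Constructed sample values, not taken from a real cluster.
SAMPLE_CONF = {
    "dfs.permissions.enabled": "false",
    "dfs.permissions.superusergroup": "hdfs",
    "dfs.cluster.administrators": " *",
}

if __name__ == "__main__":
    for acl in ["user1,user2 group1,group2", "user1", " group1", "", "* "]:
        print(repr(acl), "->", parse_admin_acl(acl))
    for finding in audit(SAMPLE_CONF):
        print("FINDING:", finding)
```
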