HDFS - Permissions (Authorization)

Yarn Hortonworks


What is Authorization (AuthZ)? Identity and Access Management in HDFS


A user authorization is defined through one of the below method:

Permission are disabled by default.



dfs.permissions.enabled If “true”, enable permission checking in HDFS. If “false”, permission checking is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories.

hdfs getconf -confKey dfs.permissions.enabled



dfs.permissions.superusergroup The name of the group of super-users. The value should be a single group name.

hdfs getconf -confKey dfs.permissions.superusergroup


dfs.cluster.administrators ACL for the admins, this configuration is used to control which user can access the default servlets in the namenode, etc.

Value Syntax:

  • The value should be a comma separated list of users and groups.
[user1,user2,...userN] [group1,group2,...groupN]


  • The user list comes first
  • The user and group list are separated by a space
  • Users and groups are optional
  • * grants access to all users and groups, e.g. *, * and * are all valid.


  • user1,user2 group1,group2.
  • user1, group1, , user1 group1, user1,user2 group1,group2 are all valid

Documentation / Reference

Discover More
Yarn Hortonworks
HDFS - (User) Authentication, Identification

in HDFS. See also: adminusers User identity mechanism is specified by the configuration property: hadoop.security.authentication simple: same as OS kerberos The user is the Linux user....
Yarn Hortonworks

POSIX style permissions/HDFS ACLs in HDFS is one authorization method . By default, ACLs are disabled. dfs.namenode.acls.enabled - Set to true to enable support for HDFS ACLs (Access Control...
Yarn Hortonworks
HDFS - User

User management in HDFS See: List group of a user See The default administrator user is hdfs. The default administrator group is hdfs.
Yarn Hortonworks
HDFS - User Group

User group List group of a user. id -Gn userName List group of all users. fs.default.nameazure wasb where: tail -n +2 suppress the first line awk '{print }' print only the directory...
Yarn Hortonworks
Hadoop - Ranger (Security)

Apache Ranger provides security to deliver monitor, manage data security to Hadoop clusters. It provides a centralized platform define, administer & manage security policies in Hadoop. If a policy...

Share this page:
Follow us:
Task Runner