SlideShare a Scribd company logo

Apache ranger meetup

N
nvvrajesh

The document discusses the security landscape in Hadoop, focusing on the role and key features of Apache Ranger, which provides a centralized security framework for authentication, authorization, and auditing. It highlights the management and creation of policies for various components such as HDFS and Hive, as well as the use of audit logs for tracking access. Additionally, best practices for implementing Ranger with Hadoop's various components and tag-based policies are outlined.

Software
1 of 37
Downloaded 64 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Securing Hadoop using Ranger Raj Nadipalli Director Professional Services, Zaloni rnadipalli@zaloni.com 09.22.2016
Agenda Ø  Security Landscape in Hadoop Ø  Role of Ranger Ø  Ranger Key Features Ø  Demo Ø  Q&A
Overview
Security Landscape in Hadoop (open source) Authentication Who am I? AD/LDAP Kerberos Apache Knox Authorization What can I do? Apache Ranger Apache Sentry Audit What happened? Apache Ranger Data Protection SSL KMS
Ranger in a slide 5 Ø  Centralized security framework, authen*ca*on, audi*ng, data encryp*on and security Ø  Fine-grained access control over Hadoop Ø  Components Supported: HDFS, Hive, Hbase, Storm, YARN, Knox, KaCa, Solr Ø  Manage/Create policies using browser Ø  Manage Audit tracking and policy analy*cs in HDFS, RDMS or SOLR Ø  Supports governance with Tag based policies Ø  REST API’s for policy management automate, integrate and extend
Key Components of Ranger http://www.slideshare.net/RommelGarcia2/apache-ranger?qid=1150145e-a144-4603-9165- a09b2ae5ece0&v=&b=&from_search=4
Securing HDFS
Ranger in Action - HDFS http://www.slideshare.net/RommelGarcia2/apache-ranger?qid=1150145e-a144-4603-9165- a09b2ae5ece0&v=&b=&from_search=4
Ranger administration portal 9
List HDFS policies 10 Under HDFS policies we can view all the HDFS policies created and which user(s) / group(s) has access to which policies Actions delete / edit Policy Name Groups/users assigned to policies
Create HDFS policy 11 Under HDFS policy we can edit/create HDFS policies, this page shows how to create a policy at user level and provide appropriate permissions.
Access error in Audit 12 Under Audit tab admin can view which user tried to access which directory, here user mukesh got access denied as it did not had the permission to access /testRanger directory Access Denied to user mukesh
List HDFS policies for group 13 Under HDFS policies we can view all the HDFS policies created and which user(s) / group(s) has access to which policies
Create HDFS policy for group 14 Under HDFS policy we can edit/create HDFS policies, this page shows how to create a policy at group level and provide appropriate permissions. Access given to a group
Securing Hive
List policies of Hive 16 Under Hive policies we can view all the Hive policies created and which user(s) / group(s) has access to which policies Hive policy for database User assigned to a policy
Create policy for Hive 17 Under Hive policy we can edit/create Hive policies, this page shows how to create a policy at user level and provide appropriate permissions.
Access error in Audit 18 Under Audit tab admin can view which user tried to access which table/database, here user mukesh got access denied as it did not had the permission to create table under testranger database.
Securing HBase
Create HBase policy 20 Under HBase policy we can edit/create HBase policies, this page shows how to create a policy at user level and provide appropriate permissions.
Access error in Audit 21 Under Audit tab admin can view which user tried to access which table here user nabadeep got access denied as it did not had the permission to put data in table testranger.
Audit Logs
Audit logs in JSON format For each of the service like HDFS, Hive there will audit logs generated if enabled in Ambari 23
Audit logs in JSON format 24
HDFS Audit File structure 25
Audit Log Storage Options HDFS Long term storage that can be used to understand user event trends and predict anomaly RDBMS MySQL, Oracle, Postgres, SQL Server Solr Good for quick reporting metrics to understand user event trends Log4j Appenders
Best practices to use HDFS in Ranger 27 •  Change HDFS umask to 077 fs.permissions.umask.mode=077 •  IdenLfy directory which can be managed by Ranger policies /apps/hive, /apps/Hbase •  IdenLfy directories which need to be managed by HDFS naLve permissions /tmp and /user to 700 •  Enable Ranger policy to audit all records
Best practices to use Hive in Ranger 28 •  HiveServer2 access with limited HDFS access ̶  Column level access control over Hive data •  Hiveserver2, and HDFS files through Pig/MR jobs ̶  hive.server2.enable.doAs is set to "true“ •  Hive CLI access
Atlas & Ranger
Tag Based Policies in Atlas Ø  Atlas and Ranger combination supports automation for governance and policies Ø  Atlas is where tags get set on metadata for example, a Customer table in Hive can be tagged with value “PII” Ø  Ranger policies can be created on these tags to enforce access Ø  Ranger shows audit logs on access Source: https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies
Ranger Tag based policy flow
Tag Service Setup – Ranger Admin Source: https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies
Tag Policy Setup Source: https://cwiki.apache.org/confluence/ display/RANGER/Tag+Based+Policies
Tag Policy Expiry
Backup
References http://www.slideshare.net/trihug/trihug-october-apache-ranger http://www.slideshare.net/RommelGarcia2/apache-ranger https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=53741207 http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in- hdp-2-2 https://cwiki.apache.org/confluence/display/RANGER/Tag+Based+Policies
Q&A rajesh.nadipalli@gmail.com @ranadipa

More Related Content

PPTX
Ranger admin dev overview
Tushar Dudhatra
 
PDF
TriHUG October: Apache Ranger
trihug
 
PPTX
Apache Hadoop Security - Ranger
Isheeta Sanghi
 
PPTX
An Approach for Multi-Tenancy Through Apache Knox
DataWorks Summit/Hadoop Summit
 
PPTX
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
 
PPTX
Apache Ranger
Rommel Garcia
 
PPTX
Security and Governance on Hadoop with Apache Atlas and Apache Ranger by Srik...
Artem Ervits
 
PDF
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks
 
Ranger admin dev overview
Tushar Dudhatra
 
TriHUG October: Apache Ranger
trihug
 
Apache Hadoop Security - Ranger
Isheeta Sanghi
 
An Approach for Multi-Tenancy Through Apache Knox
DataWorks Summit/Hadoop Summit
 
Extending Apache Ranger Authorization Beyond Hadoop: Review of Apache Ranger ...
DataWorks Summit
 
Apache Ranger
Rommel Garcia
 
Security and Governance on Hadoop with Apache Atlas and Apache Ranger by Srik...
Artem Ervits
 
Curb your insecurity with HDP - Tips for a Secure Cluster
ahortonworks
 

What's hot (20)

PPTX
Improvements in Hadoop Security
DataWorks Summit
 
PDF
Hadoop Security: Overview
Cloudera, Inc.
 
PPTX
Classification based security in Hadoop
Madhan Neethiraj
 
PPTX
Hadoop security
Shivaji Dutta
 
PDF
History of Privacera
Privacera
 
PPTX
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
 
PPTX
Open Source Security Tools for Big Data
Rommel Garcia
 
PPTX
Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...
Abhiraj Butala
 
PPTX
Hadoop Security Today and Tomorrow
DataWorks Summit
 
PPTX
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
 
PPTX
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
 
PPT
Hadoop Security Architecture
Owen O'Malley
 
PPT
Hadoop Operations: How to Secure and Control Cluster Access
Cloudera, Inc.
 
PPTX
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Kevin Minder
 
PPTX
Hadoop Security Features That make your risk officer happy
DataWorks Summit
 
PDF
Nl HUG 2016 Feb Hadoop security from the trenches
Bolke de Bruin
 
PPTX
Hadoop security @ Philly Hadoop Meetup May 2015
Shravan (Sean) Pabba
 
PPTX
Hdp security overview
Hortonworks
 
PPTX
Securing the Hadoop Ecosystem
DataWorks Summit
 
PDF
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
 
Improvements in Hadoop Security
DataWorks Summit
 
Hadoop Security: Overview
Cloudera, Inc.
 
Classification based security in Hadoop
Madhan Neethiraj
 
Hadoop security
Shivaji Dutta
 
History of Privacera
Privacera
 
Hadoop REST API Security with Apache Knox Gateway
DataWorks Summit
 
Open Source Security Tools for Big Data
Rommel Garcia
 
Hadoop Security in Big-Data-as-a-Service Deployments - Presented at Hadoop Su...
Abhiraj Butala
 
Hadoop Security Today and Tomorrow
DataWorks Summit
 
Hadoop Security Today & Tomorrow with Apache Knox
Vinay Shukla
 
Managing enterprise users in Hadoop ecosystem
DataWorks Summit
 
Hadoop Security Architecture
Owen O'Malley
 
Hadoop Operations: How to Secure and Control Cluster Access
Cloudera, Inc.
 
Securing Hadoop's REST APIs with Apache Knox Gateway Hadoop Summit June 6th, ...
Kevin Minder
 
Hadoop Security Features That make your risk officer happy
DataWorks Summit
 
Nl HUG 2016 Feb Hadoop security from the trenches
Bolke de Bruin
 
Hadoop security @ Philly Hadoop Meetup May 2015
Shravan (Sean) Pabba
 
Hdp security overview
Hortonworks
 
Securing the Hadoop Ecosystem
DataWorks Summit
 
August 2014 HUG : Comprehensive Security for Hadoop
Yahoo Developer Network
 
Ad

Viewers also liked (20)

PDF
SQL on Hadoop
nvvrajesh
 
PDF
SQL on Hadoop: Defining the New Generation of Analytic SQL Databases
OReillyStrata
 
PPTX
The Challenges of SQL on Hadoop
DataWorks Summit
 
PPTX
Securing Hadoop with Apache Ranger
DataWorks Summit
 
PPTX
SQL on Hadoop
Bigdatapump
 
PPTX
Apache NiFi- MiNiFi meetup Slides
Isheeta Sanghi
 
PPTX
Apache HBase™
Prashant Gupta
 
PPTX
Tajo and SQL-on-Hadoop in Tech Planet 2013
Gruter
 
PDF
Building a Hadoop Data Warehouse with Impala
huguk
 
PPTX
Introduction to Azure DocumentDB
Radenko Zec
 
PDF
SQL on Hadoop in Taiwan
Treasure Data, Inc.
 
PPTX
eHarmony @ Hbase Conference 2016 by vijay vangapandu.
Vijaykumar Vangapandu
 
PPTX
Overview of HDFS Transparent Encryption
Cloudera, Inc.
 
PDF
Interactive SQL-on-Hadoop and JethroData
Ofir Manor
 
PPTX
Is your Enterprise Data lake Metadata Driven AND Secure?
DataWorks Summit/Hadoop Summit
 
PPTX
Decision trees in hadoop
Revolution Analytics
 
PDF
Discover.hdp2.2.storm and kafka.final
Hortonworks
 
PPTX
SQL-on-Hadoop Tutorial
Daniel Abadi
 
PDF
Big SQL Competitive Summary - Vendor Landscape
Nicolas Morales
 
PDF
Kafka Summit SF Apr 26 2016 - Generating Real-time Recommendations with NiFi,...
Chris Fregly
 
SQL on Hadoop
nvvrajesh
 
SQL on Hadoop: Defining the New Generation of Analytic SQL Databases
OReillyStrata
 
The Challenges of SQL on Hadoop
DataWorks Summit
 
Securing Hadoop with Apache Ranger
DataWorks Summit
 
SQL on Hadoop
Bigdatapump
 
Apache NiFi- MiNiFi meetup Slides
Isheeta Sanghi
 
Apache HBase™
Prashant Gupta
 
Tajo and SQL-on-Hadoop in Tech Planet 2013
Gruter
 
Building a Hadoop Data Warehouse with Impala
huguk
 
Introduction to Azure DocumentDB
Radenko Zec
 
SQL on Hadoop in Taiwan
Treasure Data, Inc.
 
eHarmony @ Hbase Conference 2016 by vijay vangapandu.
Vijaykumar Vangapandu
 
Overview of HDFS Transparent Encryption
Cloudera, Inc.
 
Interactive SQL-on-Hadoop and JethroData
Ofir Manor
 
Is your Enterprise Data lake Metadata Driven AND Secure?
DataWorks Summit/Hadoop Summit
 
Decision trees in hadoop
Revolution Analytics
 
Discover.hdp2.2.storm and kafka.final
Hortonworks
 
SQL-on-Hadoop Tutorial
Daniel Abadi
 
Big SQL Competitive Summary - Vendor Landscape
Nicolas Morales
 
Kafka Summit SF Apr 26 2016 - Generating Real-time Recommendations with NiFi,...
Chris Fregly
 
Ad

Similar to Apache ranger meetup (20)

PPTX
Security needs in Hadoop’s Current and Future – How Apache Ranger can help?
DataWorks Summit
 
PPTX
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
 
PPTX
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
 
PDF
Apache Ranger
Mike Frampton
 
PDF
BigData Security - A Point of View
Karan Alang
 
PPTX
Open Source Security Tools for Big Data
Great Wide Open
 
PDF
Hadoop Security
Timothy Spann
 
PDF
Hadoop & Security - Past, Present, Future
Uwe Printz
 
PDF
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks
 
PPTX
Enabling ABAC with Accumulo and Ranger integration
DataWorks Summit
 
PPTX
Securing Hadoop in an Enterprise Context
Hellmar Becker
 
PDF
2014 sept 4_hadoop_security
Adam Muise
 
PPTX
Securing Hadoop in an Enterprise Context
DataWorks Summit/Hadoop Summit
 
PPTX
Securing Hadoop in an Enterprise Context (v2)
Hellmar Becker
 
PPTX
Apache Hadoop India Summit 2011 talk "Making Apache Hadoop Secure" by Devaraj...
Yahoo Developer Network
 
PDF
Охота на уязвимости Hadoop
Positive Hack Days
 
PDF
Practical Hadoop Security 1st ed. Edition Lakhe
kovachvidar
 
PPTX
Saving the elephant—now, not later
DataWorks Summit
 
PPTX
Improvements in Hadoop Security
Chris Nauroth
 
PDF
April 2014 HUG : Apache Sentry
Yahoo Developer Network
 
Security needs in Hadoop’s Current and Future – How Apache Ranger can help?
DataWorks Summit
 
Security and Data Governance using Apache Ranger and Apache Atlas
DataWorks Summit/Hadoop Summit
 
Treat your enterprise data lake indigestion: Enterprise ready security and go...
DataWorks Summit
 
Apache Ranger
Mike Frampton
 
BigData Security - A Point of View
Karan Alang
 
Open Source Security Tools for Big Data
Great Wide Open
 
Hadoop Security
Timothy Spann
 
Hadoop & Security - Past, Present, Future
Uwe Printz
 
Hortonworks Protegrity Webinar: Leverage Security in Hadoop Without Sacrifici...
Hortonworks
 
Enabling ABAC with Accumulo and Ranger integration
DataWorks Summit
 
Securing Hadoop in an Enterprise Context
Hellmar Becker
 
2014 sept 4_hadoop_security
Adam Muise
 
Securing Hadoop in an Enterprise Context
DataWorks Summit/Hadoop Summit
 
Securing Hadoop in an Enterprise Context (v2)
Hellmar Becker
 
Apache Hadoop India Summit 2011 talk "Making Apache Hadoop Secure" by Devaraj...
Yahoo Developer Network
 
Охота на уязвимости Hadoop
Positive Hack Days
 
Practical Hadoop Security 1st ed. Edition Lakhe
kovachvidar
 
Saving the elephant—now, not later
DataWorks Summit
 
Improvements in Hadoop Security
Chris Nauroth
 
April 2014 HUG : Apache Sentry
Yahoo Developer Network
 

More from nvvrajesh (8)

PDF
HdInsight essentials Hadoop on Microsoft Platform
nvvrajesh
 
PPTX
Information management and enterprise architecture
nvvrajesh
 
PPTX
Pentaho bi suite overview presentation
nvvrajesh
 
PPTX
Social Networking for Non-Profits
nvvrajesh
 
PPTX
Oracle business intelligence overview
nvvrajesh
 
PPTX
BI the Agile Way
nvvrajesh
 
PPTX
Agile Process in a Nutshell
nvvrajesh
 
PPTX
Hadoop For Enterprises
nvvrajesh
 
HdInsight essentials Hadoop on Microsoft Platform
nvvrajesh
 
Information management and enterprise architecture
nvvrajesh
 
Pentaho bi suite overview presentation
nvvrajesh
 
Social Networking for Non-Profits
nvvrajesh
 
Oracle business intelligence overview
nvvrajesh
 
BI the Agile Way
nvvrajesh
 
Agile Process in a Nutshell
nvvrajesh
 
Hadoop For Enterprises
nvvrajesh
 

Recently uploaded (20)

PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PPTX
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PDF
Complete React Javascript Course Syllabus.pdf
sachinpatil536675
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPTX
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PDF
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
Essential Infomation Tech presentation.pptx
pradeepjava2016
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Complete React Javascript Course Syllabus.pdf
sachinpatil536675
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Materi-Enum-and-Record-Data-Type (1).pptx
RanuFajar1
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Introduction Database Management System for Course Database
ReinertYosua
 
Softaken Excel to vCard Converter Software.pdf
markwillsonmw004
 

Apache ranger meetup