Posted to dev@ranger.apache.org by Sridhar S <sr...@gmail.com> on 2015/01/13 10:06:31 UTC

Request for pointers on enhancing Ranger.

Hi,
 I am attempting to enhance Ranger with my own ACLs which are currently
being used for encryption decryption operations performed in hadoop.  Any
help on pointers to which parts of the code should I be looking at would
be much appreciated.
Sridhar

Re: Request for pointers on enhancing Ranger.

Posted by Sridhar S <sr...@gmail.com>.
Thanks for the info Balaji, will go through this document.
Sridhar

On Wed, Jan 14, 2015 at 11:31 AM, Balaji Ganesan <bg...@hortonworks.com>
wrote:

> Sridhar,
>
> If you need to replace the authorization within your application, and
> leverage policies within Ranger, then you need to build a custom plugin
> for your application.
>
> See if this can help
> http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.2.0/Ranger_Adding_New_v22/index.html#Item1.2
>
> On 1/13/15, 9:28 PM, "Sridhar S" <sr...@gmail.com> wrote:
>
> > Hi Alok,
> > Much appreciate your response.
> > Yes, I meant HDFS DFS.  Currently my application UI lets users define
> > ACLs for different types of data. Data of a given type is either
> > allowed or disallowed for a given user for decryption of encrypted data.
> > Encryption and decryption is done via map reduce and the results stored
> > in DFS.
> > If allowed, the user would be able to decrypt the data, else he would
> > just get the encrypted data back when attempting to do decryption.  Now,
> > I am trying to provide the ACL definition facility via Ranger portal
> > and use the Ranger DB to store the ACL policies. Do I need to define a
> > custom plugin to pull these policies from Ranger portal and
> > then enforce the ACLs? What are the steps I need to follow?  I seek your
> > continued help in this.
> > Sridhar
> >
> > On Wed, Jan 14, 2015 at 12:21 AM, Alok Lal <al...@hortonworks.com> wrote:
> >
> > > Can you explain your use case a bit please?
> > >
> > > > I am attempting to enhance Ranger with my own ACLs which are currently
> > > > being used for encryption decryption operations performed in hadoop.
> > >
> > > I trust when you say hadoop you mean the HDFS DFS.  Right?  Where are
> > > your current ACLs?  Are you looking to replicate the ACLs that are used
> > > for encryption to also be used for access, too?  Or are you trying to use
> > > Ranger policies to enforce encryption/decryption?
> > >
> > > On Tue, Jan 13, 2015 at 1:06 AM, Sridhar S <sr...@gmail.com>
> > > wrote:
> > >
> > > > Hi,
> > > >  I am attempting to enhance Ranger with my own ACLs which are
> > > > currently being used for encryption decryption operations performed
> > > > in hadoop.  Any help on pointers to which parts of the code should I
> > > > be looking at would be much appreciated.
> > > > Sridhar
> > >
> > > --
> > > "* ... there is nothing more secure then a computer which is not
> > > connected to the network --- and powered off!...*" - from Kerberos
> > > Introduction <http://web.mit.edu/Kerberos/www/#what_is>
> > >
> > > --
> > > CONFIDENTIALITY NOTICE
> > > NOTICE: This message is intended for the use of the individual or
> > > entity to which it is addressed and may contain information that is
> > > confidential, privileged and exempt from disclosure under applicable
> > > law. If the reader of this message is not the intended recipient, you
> > > are hereby notified that any printing, copying, dissemination,
> > > distribution, disclosure or forwarding of this communication is
> > > strictly prohibited. If you have received this communication in error,
> > > please contact the sender immediately and delete it from your system.
> > > Thank You.

Re: Request for pointers on enhancing Ranger.

Posted by Balaji Ganesan <bg...@hortonworks.com>.
Sridhar,

If you need to replace the authorization within your application, and
leverage policies within Ranger, then you need to build a custom plugin
for your application.

See if this can help
http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.2.0/Ranger_Adding_New_v22/index.html#Item1.2


Re: Request for pointers on enhancing Ranger.

Posted by Sridhar S <sr...@gmail.com>.
Hi Alok,
Much appreciate your response.
Yes, I meant HDFS DFS.  Currently my application UI lets users define ACLs
for different types of data. Data of a given type is either
allowed or disallowed for a given user for decryption of encrypted data.
Encryption and decryption is done via map reduce and the results stored in
DFS.
If allowed, the user would be able to decrypt the data, else he would just
get the encrypted data back when attempting to do decryption.  Now, I am trying
to provide the ACL definition facility via Ranger portal
and use the Ranger DB to store the ACL policies. Do I need to define a
custom plugin to pull these policies from Ranger portal and
then enforce the ACLs? What are the steps I need to follow?  I seek your
continued help in this.
Sridhar


Re: Request for pointers on enhancing Ranger.

Posted by Alok Lal <al...@hortonworks.com>.
Can you explain your use case a bit please?

> I am attempting to enhance Ranger with my own ACLs which are currently
> being used for encryption decryption operations performed in hadoop.

I trust when you say hadoop you mean the HDFS DFS.  Right?  Where are your
current ACLs?  Are you looking to replicate the ACLs that are used for
encryption to also be used for access, too?  Or are you trying to use
Ranger policies to enforce encryption/decryption?

On Tue, Jan 13, 2015 at 1:06 AM, Sridhar S <sr...@gmail.com> wrote:

> Hi,
>  I am attempting to enhance Ranger with my own ACLs which are currently
> being used for encryption decryption operations performed in hadoop.  Any
> help on pointers to which parts of the code should i be looking at would
> be much appreciated.
> Sridhar
>



-- 
"* ... there is nothing more secure then a computer which is not connected
to the network --- and powered off!...*" - from Kerberos Introduction
<http://web.mit.edu/Kerberos/www/#what_is>
