You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by sh...@apache.org on 2015/12/01 07:46:11 UTC

incubator-atlas git commit: ATLAS-344 Document HBase permissions for secure cluster (tbeerbower via shwethags)

Repository: incubator-atlas
Updated Branches:
  refs/heads/master c9176273b -> 238ca11cd


ATLAS-344 Document HBase permissions for secure cluster (tbeerbower via shwethags)


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/238ca11c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/238ca11c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/238ca11c

Branch: refs/heads/master
Commit: 238ca11cd5aa65f40616bc347b4b6d4e5964e98a
Parents: c917627
Author: Shwetha GS <ss...@hortonworks.com>
Authored: Tue Dec 1 12:16:02 2015 +0530
Committer: Shwetha GS <ss...@hortonworks.com>
Committed: Tue Dec 1 12:16:02 2015 +0530

----------------------------------------------------------------------
 docs/src/site/twiki/Configuration.twiki | 13 +++++++++++++
 docs/src/site/twiki/index.twiki         |  2 +-
 docs/src/site/twiki/security.twiki      |  2 ++
 release-log.txt                         |  1 +
 4 files changed, 17 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/238ca11c/docs/src/site/twiki/Configuration.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/Configuration.twiki b/docs/src/site/twiki/Configuration.twiki
index 63dd725..4a99fcd 100644
--- a/docs/src/site/twiki/Configuration.twiki
+++ b/docs/src/site/twiki/Configuration.twiki
@@ -45,6 +45,19 @@ Advanced configuration
 # If you are planning to use any of the configs mentioned below, they need to be prefixed with "atlas.graph." to take effect in ATLAS
 Refer http://s3.thinkaurelius.com/docs/titan/0.5.4/titan-config-ref.html#_storage_hbase
 
+Permissions
+
+When Atlas is configured with HBase as the storage backend the graph db (titan) needs sufficient user permissions to be able to create and access an HBase table.  In a secure cluster it may be necessary to grant permissions to the 'atlas' user for the 'titan' table.
+
+With Ranger, a policy can be configured for 'titan'.
+
+Without Ranger, HBase shell can be used to set the permissions.
+
+<verbatim>
+   su hbase
+   kinit -k -t <hbase keytab> <hbase principal>
+   echo "grant 'atlas', 'RWXCA', 'titan'" | hbase shell
+</verbatim>
 
 ---++++ Graph Search Index
 This section sets up the graph db - titan - to use an search indexing system. The example

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/238ca11c/docs/src/site/twiki/index.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/index.twiki b/docs/src/site/twiki/index.twiki
index c49752d..53b7552 100755
--- a/docs/src/site/twiki/index.twiki
+++ b/docs/src/site/twiki/index.twiki
@@ -41,7 +41,7 @@ allows integration with the whole enterprise data ecosystem.
    * [[TypeSystem][Type System]]
    * [[Repository][Metadata Repository]]
    * [[Search][Search]]
-   * [[security][security]]
+   * [[security][Security]]
    * [[Configuration][Configuration]]
    * Notification
       * [[Notification-Entity][Entity Notification]]

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/238ca11c/docs/src/site/twiki/security.twiki
----------------------------------------------------------------------
diff --git a/docs/src/site/twiki/security.twiki b/docs/src/site/twiki/security.twiki
index d19beb4..84b19ad 100755
--- a/docs/src/site/twiki/security.twiki
+++ b/docs/src/site/twiki/security.twiki
@@ -42,6 +42,8 @@ The properties for configuring service authentication are:
    * <code>atlas.authentication.keytab</code> - the path to the keytab file.
    * <code>atlas.authentication.principal</code> - the principal to use for authenticating to the KDC.  The principal is generally of the form "user/host@realm".  You may use the '_HOST' token for the hostname and the local hostname will be substituted in by the runtime (e.g. "Atlas/_HOST@EXAMPLE.COM").
 
+Note that when Atlas is configured with HBase as the storage backend in a secure cluster, the graph db (titan) needs sufficient user permissions to be able to create and access an HBase table.  To grant the appropriate permissions see [[Configuration][Graph persistence engine - Hbase]].
+
 ---+++ SPNEGO-based HTTP Authentication
 
 HTTP access to the Atlas platform can be secured by enabling the platform's SPNEGO support.  There are currently two supported authentication mechanisms:

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/238ca11c/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 24189fc..6413c21 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -9,6 +9,7 @@ ATLAS-54 Rename configs in hive hook (shwethags)
 ATLAS-3 Mixed Index creation fails with Date types (sumasai via shwethags)
 
 ALL CHANGES:
+ATLAS-344 Document HBase permissions for secure cluster (tbeerbower via shwethags)
 ATLAS-335 Kerberized cluster: Atlas fails to come up with hbase as backend (sumasai via shwethags)
 ATLAS-333 atlas_stop.py – script must delete “atlas.pid” file (ndjouhr via sumasai)
 ATLAS-220 Gets on Enum attribute should return EnumValue(yhemanth via sumasai)