How Arcadia Simplifies Role-based Access Control for Hadoop Stacks
When integrating traditional business intelligence software with Apache Hadoop, developers often find themselves mired in trying to coordinate access roles across different applications. Hadoop-native security and management platform Arcadia Data leverages Cloudera’s security features allowing developers to manage, assign, and secure what roles team members need in order to access information. Arcadia Sentry services are set up from within Cloudera, including role management and definition, allowing for administrators to better control permissions within their stacks.
In this short tutorial, Shaun Ahmadian, a solutions engineer at Arcadia Data, explores how users can set up Sentry services, define and manage roles, define user privileges, and maintain system security. By integrating Arcadia with the Kerberos authentication protocol, users are able to access data from within Hadoop based on the profile and permissions of the individual accessing the information.
Arcadia Data utilizes three components to make up its privilege tab. These include ‘System,’ which includes viewing system logs, ‘Connections,’ and ‘Data Sets,’ which are the objects upon which its visuals are built. After creating a new user with a security analyst role, Fishman noted that “For the security analyst, we will give them access to only the security logs. We will not give them the ability to actually manage and create new visuals, or perform exploration. It will be purely a view only privilege.”
Through utilizing role-based access control (RBAC), Arcadia Data users are assigned permissions which allow them to create, view, and manage data according to the information their role can access. Administrators no longer have to recreate security for different platforms. Arcadia imports roles in bulk at installation time and mirrors these role definitions as the underlying Sentry roles change.