Advanced Governance

Owned by Juliane Wetzel
Last updated: Feb 07, 2022
3 min read

Datameer X's Advanced Governance module is sold as a separate add-on and includes tools to help you manage your data, such as Kerberos secured impersonation and SAML SSO. To purchase the Advanced Governance module, talk to a Datameer X sales or services representative. The following features are a part of Advanced Governance.

Git Plug-in

Datameer X's git plug-in automatically commits workbook changes to a git repository using the Datameer X Event Bus, providing easier access to prior states of a workbook. The following four new workbook REST APIs use the Git plug-in:

  • Read Workbook using Git

  • Create Workbook using Git
  • Overwrite Workbook using Git
  • Roll Back Workbook using Git

Kerberos Plug-in

Kerberos secured impersonation is available through a plug-in. 

INFO

When uploading or importing data, you can indicate which columns to obfuscate by entering the column names in the import settings.

Plug-in as a Requirement

INFO

The plug-in 'Obfuscation Plug-in' with the extension 'EncryptingImportFilterExtension' must be installed an enabled. This plug-in is enabled per default.

Find the plug-in and extension here, when installed:

Configure Obfuscation

To configure column obfuscation:

  1. Open the 'Admin' tab → 'Plug-Ins' and select the plug-in ''Obfuscation Plug-in''The 'configure' icon appears in column 'Actions'.

     

  2. Click the ''Configure'' icon. The plug-in settings open. 
  3. Choose the obfuscation algorithm "AES" from the drop-down. 
  4. Enter the AES encryption key. 
    INFO: The key consists of 16 characters and must fulfill: select mode CBC, key size 128 bits, output text format Base64. 
  5. Enter the AES Initialization Vector and confirm with "Save"Column obfuscation is finished.
    INFO: Use the same encryption key and initialization vector fulfilling the same preferences. 
     

SAML SSO

The SAML SSO plug-in delivered with Datameer X provides the basic infrastructure which allows Datameer X to participate in a SAML SSO environment as a service provider. 

REST API Dependencies 

The following REST APIs for dependencies are included:

REST API for Migrating Folders

REST API for downloading and migrating folders between environments:

Multi-User Group Sharing

INFO

By default, when secure impersonation is enabled, you could share an artifact with a single user group only. This results out of the limitation of a standard POSIX file permission level 'user:group:others'.

With the plugin 'Multiple Group Sharing by ACLs', Datameer X creates a HDFS ACL for a certain file/ folder in the HDFS to reflect additional group permissions. Note that it is not supported to migrate from the ACL mode to the POSIX mode (see https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html). The default sharing mode can be overwritten with the REST call.

When the secure mode 'Native Multi User' (NMU) is enabled and the plugin 'Multiple Group Sharing by ACLs' is installed, then the multi group sharing is the default mechanism.

Enabling Multi-User Group Sharing

To enable this functionality:

  1. Ensure that the HDFS ALC functionality is enabled at the Hadoop cluster. 
    INFO: See Enabling ACLs.
  2. Install the 'Multiple Group Sharing by ACLs' plug-in in Datameer X's 'Admin' section. 

  3. Activate the plug-in via REST API. 
    INFO: This step is not required when NMU mode is activated. 

    Request MethodPUT
    URI Syntax
    curl -v -u '<user>:<password>' -X PUT 'http://host:port/api/groupPermissionMode?mode=MULTIPLE_USERS_GROUPS'
    ResponseThe call should return '204 No Content' HTTP code.

Overview Multi-Group User Plug-In Configuration

INFO

The preference page of the plug-in provides information about the cluster configuration.