...

The Datameer process is run by a member of the HDFS supergroup and is configured to proxy other users when submitting jobs or accessing HDFS. Datameer achieves this by using the secure impersonation feature, behaving similarly to the workflow manager Oozie. For more information, see secure impersonation.
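Because the proxying account can act as other users, the scope of its impersonation settings is worth auditing. The following is an added example, not Datameer's or Hadoop's own code: it parses a core-site.xml fragment, flags wildcard `hadoop.proxyuser.*` scopes, and checks that the proxy user's group list names the impersonation group. The proxy user name `datameer`, the group `dasusers` and the host name are assumed values.

```python
import xml.etree.ElementTree as ET

# Constructed core-site.xml fragment. The proxy user "datameer", the group
# "dasusers" and the host name are assumed values, not taken from the page.
SAMPLE_CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.datameer.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.datameer.groups</name><value>dasusers</value></property>
  <property><name>hadoop.proxyuser.oozie.hosts</name><value>oozie01.example.com</value></property>
  <property><name>hadoop.proxyuser.oozie.groups</name><value>*</value></property>
</configuration>"""

PREFIX = "hadoop.proxyuser."


def load_proxy_scopes(core_site_xml):
    """Map each proxy user to its {hosts, groups, users} value lists."""
    scopes = {}
    for prop in ET.fromstring(core_site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if not name.startswith(PREFIX) or "." not in name[len(PREFIX):]:
            continue
        # Split from the right so the last component is the setting name.
        user, key = name[len(PREFIX):].rsplit(".", 1)
        raw = prop.findtext("value") or ""
        scopes.setdefault(user, {})[key] = [v.strip() for v in raw.split(",") if v.strip()]
    return scopes


def audit_proxy_users(core_site_xml, proxy_user, impersonation_group):
    """Return sorted (user, finding) pairs for over-broad or mismatched scopes."""
    findings = []
    scopes = load_proxy_scopes(core_site_xml)
    for user, conf in scopes.items():
        for key in ("hosts", "groups", "users"):
            if "*" in conf.get(key, []):
                findings.append((user, f"{key} allows any value (*)"))
    # The proxy user's group list should name the impersonation group.
    groups = scopes.get(proxy_user, {}).get("groups", [])
    if "*" not in groups and impersonation_group not in groups:
        findings.append((proxy_user, f"groups does not list {impersonation_group}"))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding in audit_proxy_users(SAMPLE_CORE_SITE, "datameer", "dasusers"):
        print(f"{user}: {finding}")
```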

You can find more information about the approach of using proxy users in the following documents:

...

Cloudera Sentry and Hortonworks Ranger integration

When Sentry or Ranger is on a Hadoop cluster that has the impersonation plug-in enabled, Datameer acts as a DFS client and respects their (Sentry or Ranger) permissions.

The Datameer private folder in HDFS, including its core directories, should be owned by datameer:<dasuser>, which is the group that is specified for impersonation. To ensure this ownership, run secure_hdfs_tool.sh.

If you want Datameer users to access resources that are controlled by Sentry or Ranger, then proper privileges and user mapping need to be set from that software. Datameer doesn't have any Sentry-specific integration.