| Table of Contents |
|---|
Datameer Implementation
...
The Datameer process is run by a member of the HDFS supergroup and is configured to proxy other users when submitting jobs or accessing HDFS. Datameer achieves this by using the secure impersonation feature, behaving similarly to the workflow manager, Oozie. For more information see secure impersonation.
You can find more information about the approach of using proxy users in the following documents:
...
| Warning | ||
|---|---|---|
| ||
Groups need to be in both Datameer and in HDFS to be properly configured. |
Cloudera
...
Sentry
...
and Hortonworks Ranger integration
When Sentry or Ranger are on a Hadoop cluster that has the impersonation plug-in enabled. In this case, Datameer acts as a DFS client and respects Sentry permissionsthe (Sentry or Ranger) permissions.
The Datameer private folder in HDFS should be owned by datameer:<dasuser>, which is the group that is specified for impersonation, including its core directories. To ensure this ownership, run secure_hdfs_tool.sh.
If you want Datameer users to access resources that are controlled by Sentry or Ranger, then proper privileges and user mapping need to be granted set from Sentrythat software.