b. Authorization

Authorization is the process of specifying a user's access rights, that is, what the user may do or have, and of controlling that access. The Hadoop framework uses service-level authorization. This is primarily managed through file permissions in HDFS. It is the initial mechanism for confirming that a user connecting to a particular Hadoop service is authorized to access that service. It also specifies what a user can and cannot do within the Hadoop cluster.

Authorization defines the access policies of Hadoop clusters. Kerberos is responsible for providing service-level authorization in Hadoop, because authorization arises in the context of authentication: after successful authentication, a user may be authorized to access different types of services. Enabling it requires some configuration in core Hadoop as well as in Kerberos. It also provides Access Control Lists (ACLs) for every Hadoop service.
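The following Python example, added here and not taken from the original text, checks that service-level authorization is switched on in `core-site.xml` and evaluates the per-service ACLs in `hadoop-policy.xml` for an already authenticated user. The property names are Hadoop's documented settings; the sample XML, user names and group names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample files; users and groups are made up for illustration.
CORE_SITE = """<configuration>
 <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
 <property><name>hadoop.security.authorization</name><value>true</value></property>
</configuration>"""
HADOOP_POLICY = """<configuration>
 <property><name>security.client.protocol.acl</name><value>alice,bob analysts</value></property>
 <property><name>security.namenode.protocol.acl</name><value> hdfsadmins</value></property>
 <property><name>security.datanode.protocol.acl</name><value>*</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} for every <property> in a Hadoop config file."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name"): p.findtext("value") or "" for p in root.iter("property")}

def parse_acl(value):
    """Parse 'user1,user2 group1,group2'. Returns None for the '*' wildcard."""
    if value.strip() == "*":
        return None
    users, _, groups = value.partition(" ")  # a leading space means groups only
    split = lambda s: {x.strip() for x in s.split(",") if x.strip()}
    return split(users), split(groups)

def is_authorized(acl_value, user, groups):
    """True if the authenticated user, or one of its groups, is on the ACL."""
    acl = parse_acl(acl_value)
    if acl is None:
        return True
    acl_users, acl_groups = acl
    return user in acl_users or bool(acl_groups & set(groups))

def audit(core_xml, policy_xml):
    """List settings that leave service-level authorization weak or unenforced."""
    findings = []
    core = load_props(core_xml)
    if core.get("hadoop.security.authentication", "simple").strip() != "kerberos":
        findings.append("authentication is not kerberos")
    if core.get("hadoop.security.authorization", "false").strip().lower() != "true":
        findings.append("service-level authorization is disabled")
    for name, value in load_props(policy_xml).items():
        if name.endswith(".acl") and parse_acl(value) is None:
            findings.append(f"{name} allows every user")
    return findings

if __name__ == "__main__":
    print(audit(CORE_SITE, HADOOP_POLICY))
```

Both defaults used in `audit` (`simple` authentication and authorization `false`) are Hadoop's shipped defaults, so an empty `core-site.xml` is reported as unenforced.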

c. Accountability

Accounting, or auditing, measures the resources a user consumes during access. It is also a key aspect of security in the Hadoop framework because it provides reports on data (for example: where did the data come from, what is it used for, and how is it being used?). Accounting can also include the system time used by a particular user during a session. There is a secondary namenode, which is the solution to the single point of failure of the Hadoop namenode (master node). The task of the secondary namenode is to generate and maintain the log files of the system so that, if the master namenode fails, the metadata can be retrieved. The log files collected by the secondary namenode can also be used for auditing the system. Robust audit data always helps organizations check and manage their regulatory compliance and control the situation proactively. Figure 3 shows that logs must be maintained at every slave node for auditing purposes.

 