8. Using VectorH with Hadoop Security Systems : Configuring VectorH for Use with Apache Ranger : Access to HDFS
Share this page                  
Access to HDFS
VectorH needs full and exclusive access to all files under the /Actian directory in HDFS. Also, some of the Hadoop services require the VectorH user (actian) to have access to additional directories for housekeeping purposes.
The easiest way to ensure such access is to enable "federated mode" for Ranger in HDFS (in the Ambari console: HDFS, Configs, Advanced, Advanced ranger-hdfs-security, xasecure.add-hadoop-authorization=true) and letting HDFS access control default to the existing POSIX permissions.
When access control through Ranger policies is desired, you must define a policy to allow VectorH to access the appropriate locations in HDFS. In its simplest form, such a policy could look like this:
Policy Name: Actian
Resource Path: /Actian, /Actian/*, /ats/active, /ats/active/*, /user/actian, /user/actian/*, /app-logs, /app-logs/actian, /app-logs
Recursive: On
User and Group Permissions
User: actian
Permissions: Read/Write/Execute