December 16, 2019

284 words 2 mins read

Authorization in the cloud: Enforcing access control across compute engines

Authorization in the cloud: Enforcing access control across compute engines

Li Li and Hao Hao elaborate the architecture of Apache Sentry + RecordService for Hadoop in the cloud, which provides unified, fine-grained authorization via role- and attribute-based access control, to encourage attendees to adopt Apache Sentry and RecordService to protect sensitive data on the multitenant cloud across the Hadoop ecosystem.

Talk Title Authorization in the cloud: Enforcing access control across compute engines
Speakers
Conference Strata + Hadoop World
Conf Tag Make Data Work
Location New York, New York
Date September 27-29, 2016
URL Talk Page
Slides Talk Slides
Video

Hadoop in the cloud is becoming an increasingly common use case, as the cloud provides rapid access to flexible and low-cost IT resources. Similar to traditional on-premises Hadoop clusters, data authorization becomes more crucial than ever for the multitenant cloud. A transparent solution that decouples compute and storage is required for a simple and smooth transition. And since the underlying data is shared across the components, a unified authorization policy should be enforced to adapt the flexibility of Hadoop ecosystem. Li Li and Hao Hao explore Apache Sentry and RecordService as a solution to address this problem. Apache Sentry is a framework to provide fine-grained authorization as a service, and RecordService is an abstraction layer between computing frameworks and data storage, which can leverage and enforce the Sentry centralized authorization policies. Li and Hao discuss the architecture of Apache Sentry and RecordService and how the fine-grained access control policies are uniformly enforced in different Hadoop components in the cloud, such as Hive, Solr, Impala, Kafka, Sqoop2, Spark, Pig, and MapReduce, with no performance loss. They also explain how Apache Sentry can leverage the benefits of both role-based access control (RBAC) and attribute-based access control (ABAC).

comments powered by Disqus