Configuring Mapr Security

Provides usage information for frequently used security functionality, including Access Control Lists (ACLs), Access Control Expressions (ACEs), file permissions, and subnet whitelisting.

Note: MapR 6.0 makes it easier to secure new MapR installations. For more information, see Built-in Security in MapR.

Wired encryption and authentication (including impersonation) for the MapR platform and all supported ecosystem products are enabled for new installations through the MapR Installer.

You can enable security features at any time, but additional configuration is required for the individual components to work with security enabled. This section discusses initial configuration of a secure cluster as well as other forms of security.

The following access control elements are available whether or not your cluster security features are enabled. Additionally, once security features are enabled, these elements benefit from encrypted traffic within the cluster and strong authentication to the cluster.

  • Access Control Lists (ACLs) for the cluster, the volumes in the cluster, and the MapReduce application queue
  • Access Control Expressions (ACEs) control user permissions for directories, files, and MapR-DB tables that are stored natively
  • File permissions for objects in the MapR-FS layer
  • Subnet whitelisting restricts access to the cluster's FileServer service

On clusters with security features enabled, ecosystem components may require additional configuration. For example, Hive functionality has different security requirements depending on the interaction between the HiveServer2 component, the Hive command-line interface, and the Hive metastore.

See the MapR Security Support Matrix for more information about supported security options for Ecosystem components. See the specific Ecosystem component in the Ecosystem Components for information on security configuration.

See Security Vulnerabilities for a list of known vulnerabilities.