Arcadia Enterprise supports both authorization and auditing with Ranger. For details about them, see the following articles:
To ensure that Ranger allows Arcadia access to Hive objects, and to enable Arcadia audit logging in HDFS, you must add the appropriate policies in the Ranger interface. Ensure that you set the following parameters:
arcadia_audit
, set to
enabled./ranger/audit
, set to
recursive.arcadia
, and set Permissions to
write.The installer correctly configures Apache Ranger auditing and authorization in most default
settings. In cases where the default configuration does not work, the Ambari configuration
panes let us modify the two configuration files,
ranger-arcengine-security.xml
and
ranger-arcengine-audit.xml
.
You can enable Apache Ranger when installing or upgrading Arcadia Enterprise through Ambari Stacks. The XML settings generate automatically, based on Hive configuration:
To enable logging, you can make the following changes:
To enable Solr Audit logging, change xasecure.audit.destirion.solr
to
true
.
To enable HDFS Audit logging, change
xasecure.audit.destination.hdfs
to true.
All other parameters are based on Hive Audit logging configurations; you can change them manually.