Configuring MapR Security

Security features for the MapR Converged Data Platform are disabled by default. You can enable security features at any time, but additional configuration is required for the individual components to work with security enabled, particularly elements that use Kerberos for user authentication. This section discusses initial configuration of a secure cluster as well as other forms of security.

The following access control elements are active whether or not your cluster's security features are enabled. Once security features are enabled, however, these elements benefit from encrypted traffic within the cluster and strong authentication to the cluster.

  • Access Control Lists (ACLs) for the cluster, the volumes in the cluster, and the MapReduce job queue.
  • Access Control Expressions (ACEs) control user permissions for directories, files, and MapR-DB tables that are stored natively.
  • File permissions for objects in the MapR-FS layer.
  • Subnet whitelisting restricts access to the cluster's FileServer service.

On clusters with security features enabled, Ecosystem components may require additional configuration. For example, Hive functionality has different security requirements depending on the interaction between the HiveServer2 component, the Hive command-line interface, and the Hive metastore.

See the Security Support Matrix for more information about supported security options for Ecosystem components. For information on configuring security for a specific component, see that component under Ecosystem Components.

See Security Vulnerabilities for a list of known vulnerabilities.