Let me build on to what Gautam has said, anticipating a question that you may have given that our plugins run in-process. Plugins do rely on the policy manager (a Separate process running on some different machine on the cluster) to get updates to policies. What happens if a plugins can't read the policy server? The plugins keep a snapshot of last known valid set of policies in a durable local cache and hence are resilient to network partitions that may make policy manager unreachable.
Best, On Tue, Jan 13, 2015 at 4:21 AM, Gautam Borad <[email protected]> wrote: > Hi Hellmar, > Good to know that you are planning to use Ranger. Please find my > answers inline. > > On Tue, Jan 13, 2015 at 2:16 PM, Hellmar Becker <[email protected]> > wrote: > > > Good morning, > > > > We are planning to use Ranger to secure our (Hortonworks based) datalake > > at ING Bank. In this context, a few questions came up: > > > > - I read that Ranger deploys plugins to the HDFS, Hive, and HBase > services > > that implement access control. Do these plugins run as separate processes > > or more like dynamic libraries inside the main service? > > > > These plugins run as part of the component (namenode, master, etc) > processes. There is no separate process that is run. > > > > - What happens if one of the plugins goes down or becomes unavailable? > > Will the services then be unsecured, or closed to all, or even unable to > > run? > > > > > As mentioned above, since after installation the plugins are part of the > actual process, there is no scenario where the "plugins" will go down. > > > > Kind regards, > > Hellmar Becker > > > > > > ======================================== > > Hellmar Becker > > Edmond Audranstraat 55 > > NL-3543BG Utrecht > > mail: [email protected] > > mobile: +31 6 29986670 > > ======================================== > > > > > > > -- > Regards, > Gautam. > -- "* ... there is nothing more secure then a computer which is not connected to the network --- and powered off!...*" - from Kerberos Introduction <http://web.mit.edu/Kerberos/www/#what_is> -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
