Building a data-driven authorization framework

Thursday, April 19
4:50 PM - 5:30 PM
Room II

The integration of Ranger and Atlas is a fundamental shift in how access to assets is provisioned within the Hadoop ecosystem. It allows those who understand the content and classification of data to assign proper permissions based on data-specific attributes, rather than through the current location- and user-based model. Furthermore, it provides a clear separation of duties and ensures that the responsibility for maintaining data access security remains with the most appropriate teams, i.e. those who know the data best.

Moreover, data classification changes in Atlas trigger a change in Ranger policies so that the appropriate authorization rules apply. This provides an agile approach to authorization and reduces the workload and stress on operational teams, allowing for faster and more accurate delivery.

With the ongoing evolution and maturation of the Hadoop ecosystem’s tools and services, data-driven authorization will scale in parallel. Essentially, it reduces the many policies defined across multiple services to a single policy per tag (data classification) that spans services. It takes careful planning and architecture to unlock these features in Atlas and Ranger.

The presentation will be a tutorial on how to:
• Structure user groups
• Add custom fields, entities, and tags to Atlas
• Inherit and chain Atlas entities and tags
• Configure Ranger to sync Atlas tags and assign permissions based on those tags
• Assign conditional permissions based on Atlas tags’ properties
• Integrate Atlas into your ingestion framework to auto-assign metadata to your data
• Run through the full process of creating an entity, adding custom fields, adding tags, and configuring policies in Ranger to use the tag

The tutorial will also highlight key features in Atlas and different integration points within the Hadoop ecosystem. At the end of the tutorial, attendees should have functional knowledge of how to authorize assets based on their metadata.


Amer Issa
Senior Platform and Security Architect
Hortonworks Inc
Amer Issa is a Platform and Security Architect at Hortonworks based in Canada. I specialize in Hadoop platform engineering with an emphasis on DevOps and Security. I started my career as a Systems Engineer and transitioned into Cloud and Big Data. I have spent the majority of my career in highly governed and secured environments, mostly financial and health-related. Currently I act as an SME when it comes to security implementations and the integration of Hadoop with the existing frameworks of organizations. I also help transform organizations to a mentality of automation and infrastructure as code.