Policies define who can access which resources within a Repository. Policies can only be written for known Users and Groups, that is, users and groups that have already been defined in the HDP Security Administration Web UI, either by the User and Groups Synchronizer or by manual entry.
To add a Policy:
Click > > . The Create Policy page displays.
Complete the Policy Details:
Table 5.1. Policy Details
| Field | Description |
|---|---|
| HDFS: Resource Path or Hive/HBase Tables and Columns | For HDFS, enter a comma-separated list of paths for the policy, for example, /apps/tez/qa,/apps/tez/production. For Hive and HBase, start typing the table name and select the tables you want to add. In the path, you can use a regular expression to match multiple directories (or table, column, or column family names); for example, /apps/tez/qa* matches all subdirectories of /apps/tez that begin with 'qa'. |
| Description | Enter text that describes the policy; it is only visible from the Policy Manager UI. |
| Recursive | Select Yes to grant permission to all subdirectories of the specified path. |
| Audit Logging | Select Yes to log activity on the directory to the Audit and Reporting facility of the HDP Security Administration tools. |

Complete the User and Group Details:
Table 5.2. Policy Details
| Field | Description |
|---|---|
| Group Permission | Click the + sign to select a group from the Users and Groups list. If the group is not listed, it must be added to the server that the User and Group Synchronizer polls for accounts. If the user or group was recently added, it will appear after the next sync_interval. |
| User Permission | Click the + sign to select a user from the Users and Groups list. If the user is not listed, it must be added to the server that the User and Group Synchronizer polls for accounts. If the user or group was recently added, it will appear after the next sync_interval. |
| Policy Status | Select Enabled to enforce the Policy, or Disabled to keep a copy of the Policy without enforcing it. |

Click
.
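To review how far a policy reaches before setting it to Enabled, the Resource Path, Recursive and Policy Status fields from the tables above can be modelled offline. This is an added example, not code from the HDP Security Administration tools: the function names and the sample paths are constructed, and it assumes that `*` matches within a single path component and that Recursive extends a match to everything beneath the matched directory.

```python
from fnmatch import fnmatchcase
import posixpath


def split_resource_paths(field):
    """Split the comma-separated Resource Path field into normalised patterns."""
    return [posixpath.normpath(p.strip()) for p in field.split(",") if p.strip()]


def pattern_covers(pattern, path, recursive):
    """True if one policy pattern covers `path` (assumed semantics, see lead-in)."""
    pat = pattern.strip("/").split("/")
    segs = posixpath.normpath(path).strip("/").split("/")
    if len(segs) < len(pat):
        return False          # path sits above the policy's resource
    if len(segs) > len(pat) and not recursive:
        return False          # deeper than the resource and Recursive = No
    # Compare component by component so '*' never crosses a '/'.
    return all(fnmatchcase(s, p) for s, p in zip(segs, pat))


def policy_scope(resource_field, recursive, enabled, candidate_paths):
    """Return the candidate paths that the modelled policy would apply to."""
    if not enabled:           # Disabled policies are kept but not enforced
        return []
    patterns = split_resource_paths(resource_field)
    return [c for c in candidate_paths
            if any(pattern_covers(p, c, recursive) for p in patterns)]


# Constructed sample directory listing, not taken from a real cluster.
SAMPLE_PATHS = [
    "/apps/tez/qa",
    "/apps/tez/qa/jobs/run1",
    "/apps/tez/qa-archive",
    "/apps/tez/production",
    "/apps/tez/production/keys",
    "/apps/tez/dev",
]

if __name__ == "__main__":
    for field, rec in [("/apps/tez/qa,/apps/tez/production", False),
                       ("/apps/tez/qa*", False),
                       ("/apps/tez/qa*", True)]:
        print(field, "(Recursive = Yes)" if rec else "(Recursive = No)")
        for p in policy_scope(field, rec, True, SAMPLE_PATHS):
            print("   ", p)
```

On the sample listing, /apps/tez/qa* also takes in /apps/tez/qa-archive, which the explicit list /apps/tez/qa,/apps/tez/production does not, so a wildcard policy is worth checking against the real directory names before it is enabled.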