Apache ZooKeeper ACLs
Also available as:
PDF

ZooKeeper ACLs Best Practices: Oozie

Best practices for tightening the ZooKeeper ACLs/permissions for Oozie when provisioning a secure cluster.

  • ZooKeeper Usage:
    • Used to coordinate multiple Oozie servers.

  • Default ACLs:

    In a secure cluster, Oozie restricts the access to Oozie Znodes to the oozie principals only using Kerberos backed ACLs.
    • /oozie - node that stores oozie server information in HA mode

    Default ACLs:
    • /oozie - world:anyone:cdrwa

  • Security Best Practice ACLs/Permissions and Required Steps:
    • Set oozie.zookeeper.secure to secure