To enable authorization in Distributed CDAP, add these properties to cdap-site.xml:
Parameter | Value |
---|---|
| true |
| Absolute path of the JAR file to be used as the authorization extension. This file must be present on the local file system of the CDAP Master. In an HA environment, it should be present on the local file system of all CDAP Master hosts. |
| Extra classpath for security extension. |
Authorization in CDAP only takes effect once perimeter security is also enabled by setting security.enabled
to true
. Additionally, Kerberos must be enabled on the cluster and for CDAP by setting kerberos.auth.enabled
to true
since CDAP Authorization depends on Kerberos.
...
Authorization in CDAP is implemented as authorization extensions. Apart from the above configuration settings, an extension may require additional properties to be configured. See the documentation on individual extensions for configuring properties specific to that extension:
...
...
.
Security extension properties, which are specified in cdap-site.xml
, begin with the prefix security.authorization.extension.config
.
...