Apache Ranger&用于HDInsight的Azure RBAC集成 [英] Apache Ranger & Azure RBAC integration for HDInsight

问题描述

我想更详细地了解Apache Ranger和Azure RBAC如何集成，特别是在访问Azure Data Lake Storage（ADLS Gen 2）的上下文中。

I would like to understand in greater detail how Apache Ranger and Azure RBAC integrate, particularly in the context of access to Azure Data Lake Storage (ADLS Gen 2).

推荐答案

您好，

Azure Data Lake Storage Gen2的安全模型支持ACL和POSIX权限。

The security model for Azure Data Lake Storage Gen2 supports ACL and POSIX permissions.

这些存储ACL功能通过HDInsight中的apache Ranger进行细粒度访问控制，用于Spark，Kafka，Hive和HBase等应用程序，可以非常方便地为整个组织打开数据湖，并提供适当的安全性
控制和审计。

These storage ACL capabilities along with fine grain access control via apache Ranger in HDInsight for applications such as Spark, Kafka, Hive, and HBase make it very convenient to open up your data lake for entire organization with appropriate security control and auditing in place.

Azure Data Lake Storage Gen2使用支持基于角色的访问控制（RBAC）和类似POSIX的访问控制列表（ACL）的访问控制模型。 Data Lake Storage Gen1仅支持访问控制列表，用于控制对数据的访问。

Azure Data Lake Storage Gen2 uses an access control model that supports both role-based access control (RBAC) and POSIX-like access control lists (ACLs). Data Lake Storage Gen1 supports access control lists only for controlling access to data.

RBAC使用角色分配有效地将权限集应用于Azure资源的用户，组和服务主体。通常，这些Azure资源受限于顶级资源（例如，Azure存储帐户）。对于Azure存储，
以及Data Lake Storage Gen2，此机制已扩展到文件系统资源。

RBAC uses role assignments to effectively apply sets of permissions to users, groups, and service principals for Azure resources. Typically, those Azure resources are constrained to top-level resources (for example, Azure storage accounts). For Azure Storage, and also Data Lake Storage Gen2, this mechanism has been extended to the file system resource.

有关RBAC文件权限的详细信息，请参阅  Azure基于角色的访问控制
（RBAC）。

For more information about file permissions with RBAC, see Azure role-based access control (RBAC).

希望这会有所帮助。

这篇关于Apache Ranger&用于HDInsight的Azure RBAC集成的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！