0.8.0-incubating/Authentication-Authorization.html - atlas-website - Git at Google

 <!DOCTYPE html>
 <!--
  | Generated by Apache Maven Doxia at 2017-03-16
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <meta name="Date-Revision-yyyymmdd" content="20170316" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Apache Atlas &#x2013; Authentication & Authorization in Apache Atlas.</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
     <link rel="stylesheet" href="./css/site.css" />
     <link rel="stylesheet" href="./css/print.css" media="print" />


     <script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>


 <script type="text/javascript">$( document ).ready( function() { $( '.carousel' ).carousel( { interval: 3500 } ) } );</script>

             </head>
         <body class="topBarEnabled">


     <div id="topbar" class="navbar navbar-fixed-top ">
       <div class="navbar-inner">
                                   <div class="container" style="width: 68%;"><div class="nav-collapse">


                                 <ul class="nav">
                           <li class="dropdown">
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Atlas <b class="caret"></b></a>
         <ul class="dropdown-menu">

                       <li>      <a href="index.html"  title="About">About</a>
 </li>

                       <li>      <a href="https://cwiki.apache.org/confluence/display/ATLAS"  title="Wiki">Wiki</a>
 </li>

                       <li>      <a href="https://cwiki.apache.org/confluence/display/ATLAS"  title="News">News</a>
 </li>

                       <li>      <a href="https://git-wip-us.apache.org/repos/asf/incubator-atlas.git"  title="Git">Git</a>
 </li>

                       <li>      <a href="https://issues.apache.org/jira/browse/ATLAS"  title="Jira">Jira</a>
 </li>

                       <li>      <a href="https://cwiki.apache.org/confluence/display/ATLAS/PoweredBy"  title="Powered by">Powered by</a>
 </li>

                       <li>      <a href="http://blogs.apache.org/atlas/"  title="Blog">Blog</a>
 </li>
                           </ul>
       </li>
                 <li class="dropdown">
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Project Information <b class="caret"></b></a>
         <ul class="dropdown-menu">

                       <li>      <a href="project-info.html"  title="Summary">Summary</a>
 </li>

                       <li>      <a href="mail-lists.html"  title="Mailing Lists">Mailing Lists</a>
 </li>

                       <li>      <a href="http://webchat.freenode.net?channels=apacheatlas&uio=d4"  title="IRC">IRC</a>
 </li>

                       <li>      <a href="team-list.html"  title="Team">Team</a>
 </li>

                       <li>      <a href="issue-tracking.html"  title="Issue Tracking">Issue Tracking</a>
 </li>

                       <li>      <a href="source-repository.html"  title="Source Repository">Source Repository</a>
 </li>

                       <li>      <a href="license.html"  title="License">License</a>
 </li>
                           </ul>
       </li>
                 <li class="dropdown">
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Releases <b class="caret"></b></a>
         <ul class="dropdown-menu">

                       <li>      <a href="http://www.apache.org/dyn/closer.cgi/incubator/atlas/0.8.0-incubating/"  title="0.8-incubating">0.8-incubating</a>
 </li>

                       <li>      <a href="http://archive.apache.org/dist/incubator/atlas/0.7.1-incubating/"  title="0.7.1-incubating">0.7.1-incubating</a>
 </li>

                       <li>      <a href="http://archive.apache.org/dist/incubator/atlas/0.7.0-incubating/"  title="0.7-incubating">0.7-incubating</a>
 </li>

                       <li>      <a href="http://archive.apache.org/dist/incubator/atlas/0.6.0-incubating/"  title="0.6-incubating">0.6-incubating</a>
 </li>

                       <li>      <a href="http://archive.apache.org/dist/incubator/atlas/0.5.0-incubating/"  title="0.5-incubating">0.5-incubating</a>
 </li>
                           </ul>
       </li>
                 <li class="dropdown">
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Documentation <b class="caret"></b></a>
         <ul class="dropdown-menu">
                       <li><a href="../index.html" title="latest">latest</a></li>
                       <li><a href="../0.8.0-incubating/index.html"  title="0.8-incubating">0.8-incubating</a></li>
                       <li><a href="../0.7.1-incubating/index.html"  title="0.7.1-incubating">0.7.1-incubating</a></li>
                       <li><a href="../0.7.0-incubating/index.html"  title="0.7-incubating">0.7-incubating</a></li>
                       <li><a href="../0.6.0-incubating/index.html"  title="0.6-incubating">0.6-incubating</a></li>
                       <li><a href="../0.5.0-incubating/index.html"  title="0.5-incubating">0.5-incubating</a></li>
                           </ul>
       </li>
                 <li class="dropdown">
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">ASF <b class="caret"></b></a>
         <ul class="dropdown-menu">

                       <li>      <a href="http://www.apache.org/foundation/how-it-works.html"  title="How Apache Works">How Apache Works</a>
 </li>

                       <li>      <a href="http://www.apache.org/foundation/"  title="Foundation">Foundation</a>
 </li>

                       <li>      <a href="http://www.apache.org/foundation/sponsorship.html"  title="Sponsoring Apache">Sponsoring Apache</a>
 </li>

                       <li>      <a href="http://www.apache.org/foundation/thanks.html"  title="Thanks">Thanks</a>
 </li>
                           </ul>
       </li>
                   </ul>

                       <form id="search-form" action="http://www.google.com/search" method="get"  class="navbar-search pull-right" >

   <input value="http://atlas.incubator.apache.org" name="sitesearch" type="hidden"/>
   <input class="search-query" name="q" id="query" type="text" />
 </form>
 <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=search-form"></script>


     <iframe src="http://www.facebook.com/plugins/like.php?href=http://atlas.incubator.apache.org/atlas-docs&send=false&layout=button_count&show-faces=false&action=like&colorscheme=dark"
         scrolling="no" frameborder="0"
         style="border:none; width:80px; height:20px; margin-top: 10px;"  class="pull-right" ></iframe>

     <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>

         <ul class="nav pull-right"><li style="margin-top: 10px;">

     <div class="g-plusone" data-href="http://atlas.incubator.apache.org/atlas-docs" data-size="medium"  width="60px" align="right" ></div>

         </li></ul>


                       </div>

         </div>
       </div>
     </div>

         <div class="container">
           <div id="banner">
         <div class="pull-left">
                                                   <a href=".." id="bannerLeft">
                                                                                                 <img src="images/atlas-logo.png"  alt="Apache Atlas" width="200px" height="45px"/>
                 </a>
                       </div>
         <div class="pull-right">                  <a href="http://incubator.apache.org" id="bannerRight">
                                                                                                 <img src="images/apache-incubator-logo.png"  alt="Apache Incubator"/>
                 </a>
       </div>
         <div class="clear"><hr/></div>
       </div>

       <div id="breadcrumbs">
         <ul class="breadcrumb">


                               <li class="">
                     <a href="http://www.apache.org" class="externalLink" title="Apache">
         Apache</a>
         </li>
       <li class="divider ">/</li>
             <li class="">
                     <a href="index.html" title="Atlas">
         Atlas</a>
         </li>
       <li class="divider ">/</li>
         <li class="">Authentication & Authorization in Apache Atlas.</li>


                   <li id="publishDate" class="pull-right">Last Published: 2017-03-16</li> <li class="divider pull-right">|</li>
               <li id="projectVersion" class="pull-right">Version: 0.8-incubating</li>

                             </ul>
       </div>


         <div id="bodyColumn" >

             <div class="section">
 <h3><a name="Authentication__Authorization_in_Apache_Atlas."></a>Authentication &amp; Authorization in Apache Atlas.</h3></div>
 <div class="section">
 <h4><a name="Authentication"></a>Authentication</h4>
 <p>Atlas supports following authentication methods</p>
 <p></p>
 <ul>
 <li><b>File</b></li>
 <li><b>Kerberos</b></li>
 <li><b>LDAP</b></li></ul>
 <p>Following properties should be set true to enable the authentication of that type in <tt>atlas-application.properties</tt> file.</p>
 <div class="source">
 <pre>
 atlas.authentication.method.kerberos=true|false
 atlas.authentication.method.ldap=true|false
 atlas.authentication.method.file=true|false

 </pre></div>
 <p>If two or more authentication methods are set to true, then the authentication falls back to the latter method if the earlier one fails. For example if Kerberos authentication is set to true and ldap authentication is also set to true then, if for a request without kerberos principal and keytab LDAP authentication will be used as a fallback scenario.</p></div>
 <div class="section">
 <h5><a name="FILE_method."></a>FILE method.</h5>
 <p>File authentication requires users' login details in users credentials file in the format specified below and the file path should set to property <tt>atlas.authentication.method.file.filename</tt> in <tt>atlas-application.properties</tt>.</p>
 <div class="source">
 <pre>
 atlas.authentication.method.file=true
 atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties

 </pre></div>
 <p>The users credentials file should have below format</p>
 <div class="source">
 <pre>
 username=group::sha256-password

 </pre></div>
 <p>For e.g.</p>
 <div class="source">
 <pre>
 admin=ADMIN::e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a

 </pre></div>
 <p>Users group can be either <b>ADMIN</b>, <b>DATA_STEWARD</b> OR <b>DATA_SCIENTIST</b></p>
 <p><b>Note</b>:-password is encoded with sha256 encoding method and can be generated using unix tool.</p>
 <p>For e.g.</p>
 <div class="source">
 <pre>
 echo -n &quot;Password&quot; | sha256sum
 e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a  -

 </pre></div></div>
 <div class="section">
 <h5><a name="Kerberos_Method."></a>Kerberos Method.</h5>
 <p>To enable the authentication in Kerberos mode in Atlas, set the property <tt>atlas.authentication.method.kerberos</tt> to true in <tt>atlas-application.properties</tt></p>
 <div class="source">
 <pre>
 atlas.authentication.method.kerberos = true

 </pre></div>
 <p>Also following properties should be set.</p>
 <div class="source">
 <pre>
 atlas.authentication.method.kerberos.principal=&lt;principal&gt;/&lt;fqdn&gt;@EXAMPLE.COM
 atlas.authentication.method.kerberos.keytab = /&lt;key tab filepath&gt;.keytab
 atlas.authentication.method.kerberos.name.rules = RULE:[2:$1@$0](atlas@EXAMPLE.COM)s/.*/atlas/

 </pre></div></div>
 <div class="section">
 <h5><a name="LDAP_Method."></a>LDAP Method.</h5>
 <p>To enable the authentication in LDAP mode in Atlas, set the property <tt>atlas.authentication.method.ldap</tt> to true and also set Ldap type to property <tt>atlas.authentication.method.ldap.type</tt> to LDAP or AD in <tt>atlas-application.properties</tt>. Use AD if connecting to Active Directory.</p>
 <div class="source">
 <pre>
 atlas.authentication.method.ldap=true
 atlas.authentication.method.ldap.type=ldap|ad

 </pre></div>
 <p>For LDAP or AD the following configuration needs to be set in atlas application properties.</p>
 <p><b>Active Directory</b></p>
 <div class="source">
 <pre>
 atlas.authentication.method.ldap.ad.domain= example.com
 atlas.authentication.method.ldap.ad.url=ldap://&lt;AD server ip&gt;:389
 atlas.authentication.method.ldap.ad.base.dn=DC=example,DC=com
 atlas.authentication.method.ldap.ad.bind.dn=CN=Administrator,CN=Users,DC=example,DC=com
 atlas.authentication.method.ldap.ad.bind.password=&lt;password&gt;
 atlas.authentication.method.ldap.ad.referral=ignore
 atlas.authentication.method.ldap.ad.user.searchfilter=(sAMAccountName={0})
 atlas.authentication.method.ldap.ad.default.role=ROLE_USER

 </pre></div>
 <p><b>LDAP Directroy</b></p>
 <div class="source">
 <pre>
 atlas.authentication.method.ldap.url=ldap://&lt;Ldap server ip&gt;:389
 atlas.authentication.method.ldap.userDNpattern=uid={0],ou=users,dc=example,dc=com
 atlas.authentication.method.ldap.groupSearchBase=dc=example,dc=com
 atlas.authentication.method.ldap.groupSearchFilter=(member=cn={0},ou=users,dc=example,dc=com
 atlas.authentication.method.ldap.groupRoleAttribute=cn
 atlas.authentication.method.ldap.base.dn=dc=example,dc=com
 atlas.authentication.method.ldap.bind.dn=cn=Manager,dc=example,dc=com
 atlas.authentication.method.ldap.bind.password=&lt;password&gt;
 atlas.authentication.method.ldap.referral=ignore
 atlas.authentication.method.ldap.user.searchfilter=(uid={0})
 atlas.authentication.method.ldap.default.role=ROLE_USER

 </pre></div></div>
 <div class="section">
 <h4><a name="Authorization"></a>Authorization</h4></div>
 <div class="section">
 <h5><a name="Atlas_Authorization_Methods_SimpleRanger"></a>Atlas Authorization Methods [Simple/Ranger]</h5>
 <p>To set authorization in atlas, update the <tt>atlas.authorizer.impl</tt> properties in <tt>atlas-application.properties</tt></p>
 <ul>
 <li><b>Simple</b></li>
 <li><b>Ranger</b></li></ul>
 <div class="source">
 <pre>
 atlas.authorizer.impl=simple | ranger | &lt;Qualified Authorizer Class Name&gt;

 </pre></div></div>
 <div class="section">
 <h5><a name="Simple_Authorizer."></a>Simple Authorizer.</h5>
 <p>In Simple Authorizer the policy store file is configured locally. The path of policy store file is set in <tt>atlas.auth.policy.file</tt> property of <tt>atlas-application.properties</tt></p>
 <div class="source">
 <pre>
 atlas.auth.policy.file={{conf_dir}}/policy-store.txt

 </pre></div>
 <p>The policy store file format is as follows:</p>
 <div class="source">
 <pre>
 Policy_Name;;User_Name:Operations_Allowed;;Group_Name:Operations_Allowed;;Resource_Type:Resource_Name

 </pre></div>
 <p>eg. of admin policy:</p>
 <div class="source">
 <pre>
 adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*

 </pre></div>
 <p>Note : The User_Name, Group_Name and Operations_Allowed are comma(,) separated lists.</p>
 <p>Authorizer Resource Types:</p>
 <ul>
 <li>Operation</li>
 <li>Type</li>
 <li>Entity</li>
 <li>Taxonomy</li>
 <li>Term</li>
 <li>Unknown</li></ul>
 <p>Operations_Allowed are  r = read, w = write, u = update, d = delete</p></div>
 <div class="section">
 <h5><a name="Ranger_Authorizer."></a>Ranger Authorizer.</h5>
 <p>Ranger Authorizer is enabled by activating Atlas-Ranger plugin from Ambari.</p>
 <p>For more details visit the <a class="externalLink" href="http://ranger.apache.org/">Apache-Ranger documentation</a>.</p></div>
                   </div>
           </div>

     <hr/>

     <footer>
             <div class="container">
               <div class="row span12">Copyright &copy;                    2015-2017
                         <a href="http://www.apache.org">Apache Software Foundation</a>.
             All Rights Reserved.

       </div>


                 <p id="poweredBy" class="pull-right">
                           <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
         <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
       </a>
               </p>

                 </div>
     </footer>
   </body>
 </html>
	<!DOCTYPE html>
	<!--
	\| Generated by Apache Maven Doxia at 2017-03-16
	\| Rendered using Apache Maven Fluido Skin 1.3.0
	-->
	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
	<meta charset="UTF-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<meta name="Date-Revision-yyyymmdd" content="20170316" />
	<meta http-equiv="Content-Language" content="en" />
	<title>Apache Atlas – Authentication & Authorization in Apache Atlas.</title>
	<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
	<link rel="stylesheet" href="./css/site.css" />
	<link rel="stylesheet" href="./css/print.css" media="print" />


	<script type="text/javascript" src="./js/apache-maven-fluido-1.3.0.min.js"></script>



	<script type="text/javascript">$( document ).ready( function() { $( '.carousel' ).carousel( { interval: 3500 } ) } );</script>

	</head>
	<body class="topBarEnabled">





	<div id="topbar" class="navbar navbar-fixed-top ">
	<div class="navbar-inner">
	<div class="container" style="width: 68%;"><div class="nav-collapse">


	<ul class="nav">
	<li class="dropdown">
	<a href="#" class="dropdown-toggle" data-toggle="dropdown">Atlas <b class="caret"></b></a>
	<ul class="dropdown-menu">

	<li> <a href="index.html" title="About">About</a>
	</li>

	<li> <a href="https://cwiki.apache.org/confluence/display/ATLAS" title="Wiki">Wiki</a>
	</li>

	<li> <a href="https://cwiki.apache.org/confluence/display/ATLAS" title="News">News</a>
	</li>

	<li> <a href="https://git-wip-us.apache.org/repos/asf/incubator-atlas.git" title="Git">Git</a>
	</li>

	<li> <a href="https://issues.apache.org/jira/browse/ATLAS" title="Jira">Jira</a>
	</li>

	<li> <a href="https://cwiki.apache.org/confluence/display/ATLAS/PoweredBy" title="Powered by">Powered by</a>
	</li>

	<li> <a href="http://blogs.apache.org/atlas/" title="Blog">Blog</a>
	</li>
	</ul>
	</li>
	<li class="dropdown">
	<a href="#" class="dropdown-toggle" data-toggle="dropdown">Project Information <b class="caret"></b></a>
	<ul class="dropdown-menu">

	<li> <a href="project-info.html" title="Summary">Summary</a>
	</li>

	<li> <a href="mail-lists.html" title="Mailing Lists">Mailing Lists</a>
	</li>

	<li> <a href="http://webchat.freenode.net?channels=apacheatlas&uio=d4" title="IRC">IRC</a>
	</li>

	<li> <a href="team-list.html" title="Team">Team</a>
	</li>

	<li> <a href="issue-tracking.html" title="Issue Tracking">Issue Tracking</a>
	</li>

	<li> <a href="source-repository.html" title="Source Repository">Source Repository</a>
	</li>

	<li> <a href="license.html" title="License">License</a>
	</li>
	</ul>
	</li>
	<li class="dropdown">
	<a href="#" class="dropdown-toggle" data-toggle="dropdown">Releases <b class="caret"></b></a>
	<ul class="dropdown-menu">

	<li> <a href="http://www.apache.org/dyn/closer.cgi/incubator/atlas/0.8.0-incubating/" title="0.8-incubating">0.8-incubating</a>
	</li>

	<li> <a href="http://archive.apache.org/dist/incubator/atlas/0.7.1-incubating/" title="0.7.1-incubating">0.7.1-incubating</a>
	</li>

	<li> <a href="http://archive.apache.org/dist/incubator/atlas/0.7.0-incubating/" title="0.7-incubating">0.7-incubating</a>
	</li>

	<li> <a href="http://archive.apache.org/dist/incubator/atlas/0.6.0-incubating/" title="0.6-incubating">0.6-incubating</a>
	</li>

	<li> <a href="http://archive.apache.org/dist/incubator/atlas/0.5.0-incubating/" title="0.5-incubating">0.5-incubating</a>
	</li>
	</ul>
	</li>
	<li class="dropdown">
	<a href="#" class="dropdown-toggle" data-toggle="dropdown">Documentation <b class="caret"></b></a>
	<ul class="dropdown-menu">
	<li><a href="../index.html" title="latest">latest</a></li>
	<li><a href="../0.8.0-incubating/index.html" title="0.8-incubating">0.8-incubating</a></li>
	<li><a href="../0.7.1-incubating/index.html" title="0.7.1-incubating">0.7.1-incubating</a></li>
	<li><a href="../0.7.0-incubating/index.html" title="0.7-incubating">0.7-incubating</a></li>
	<li><a href="../0.6.0-incubating/index.html" title="0.6-incubating">0.6-incubating</a></li>
	<li><a href="../0.5.0-incubating/index.html" title="0.5-incubating">0.5-incubating</a></li>
	</ul>
	</li>
	<li class="dropdown">
	<a href="#" class="dropdown-toggle" data-toggle="dropdown">ASF <b class="caret"></b></a>
	<ul class="dropdown-menu">

	<li> <a href="http://www.apache.org/foundation/how-it-works.html" title="How Apache Works">How Apache Works</a>
	</li>

	<li> <a href="http://www.apache.org/foundation/" title="Foundation">Foundation</a>
	</li>

	<li> <a href="http://www.apache.org/foundation/sponsorship.html" title="Sponsoring Apache">Sponsoring Apache</a>
	</li>

	<li> <a href="http://www.apache.org/foundation/thanks.html" title="Thanks">Thanks</a>
	</li>
	</ul>
	</li>
	</ul>

	<form id="search-form" action="http://www.google.com/search" method="get" class="navbar-search pull-right" >

	<input value="http://atlas.incubator.apache.org" name="sitesearch" type="hidden"/>
	<input class="search-query" name="q" id="query" type="text" />
	</form>
	<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=search-form"></script>





	<iframe src="http://www.facebook.com/plugins/like.php?href=http://atlas.incubator.apache.org/atlas-docs&send=false&layout=button_count&show-faces=false&action=like&colorscheme=dark"
	scrolling="no" frameborder="0"
	style="border:none; width:80px; height:20px; margin-top: 10px;" class="pull-right" ></iframe>

	<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>

	<ul class="nav pull-right"><li style="margin-top: 10px;">

	<div class="g-plusone" data-href="http://atlas.incubator.apache.org/atlas-docs" data-size="medium" width="60px" align="right" ></div>

	</li></ul>


	</div>

	</div>
	</div>
	</div>

	<div class="container">
	<div id="banner">
	<div class="pull-left">
	<a href=".." id="bannerLeft">
	<img src="images/atlas-logo.png" alt="Apache Atlas" width="200px" height="45px"/>
	</a>
	</div>
	<div class="pull-right"> <a href="http://incubator.apache.org" id="bannerRight">
	<img src="images/apache-incubator-logo.png" alt="Apache Incubator"/>
	</a>
	</div>
	<div class="clear"><hr/></div>
	</div>

	<div id="breadcrumbs">
	<ul class="breadcrumb">


	<li class="">
	<a href="http://www.apache.org" class="externalLink" title="Apache">
	Apache</a>
	</li>
	<li class="divider ">/</li>
	<li class="">
	<a href="index.html" title="Atlas">
	Atlas</a>
	</li>
	<li class="divider ">/</li>
	<li class="">Authentication & Authorization in Apache Atlas.</li>



	<li id="publishDate" class="pull-right">Last Published: 2017-03-16</li> <li class="divider pull-right">\|</li>
	<li id="projectVersion" class="pull-right">Version: 0.8-incubating</li>

	</ul>
	</div>



	<div id="bodyColumn" >

	<div class="section">
	<h3><a name="Authentication__Authorization_in_Apache_Atlas."></a>Authentication & Authorization in Apache Atlas.</h3></div>
	<div class="section">
	<h4><a name="Authentication"></a>Authentication</h4>
	<p>Atlas supports following authentication methods</p>
	<p></p>
	<ul>
	<li><b>File</b></li>
	<li><b>Kerberos</b></li>
	<li><b>LDAP</b></li></ul>
	<p>Following properties should be set true to enable the authentication of that type in <tt>atlas-application.properties</tt> file.</p>
	<div class="source">
	<pre>
	atlas.authentication.method.kerberos=true\|false
	atlas.authentication.method.ldap=true\|false
	atlas.authentication.method.file=true\|false

	</pre></div>
	<p>If two or more authentication methods are set to true, then the authentication falls back to the latter method if the earlier one fails. For example if Kerberos authentication is set to true and ldap authentication is also set to true then, if for a request without kerberos principal and keytab LDAP authentication will be used as a fallback scenario.</p></div>
	<div class="section">
	<h5><a name="FILE_method."></a>FILE method.</h5>
	<p>File authentication requires users' login details in users credentials file in the format specified below and the file path should set to property <tt>atlas.authentication.method.file.filename</tt> in <tt>atlas-application.properties</tt>.</p>
	<div class="source">
	<pre>
	atlas.authentication.method.file=true
	atlas.authentication.method.file.filename=${sys:atlas.home}/conf/users-credentials.properties

	</pre></div>
	<p>The users credentials file should have below format</p>
	<div class="source">
	<pre>
	username=group::sha256-password

	</pre></div>
	<p>For e.g.</p>
	<div class="source">
	<pre>
	admin=ADMIN::e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a

	</pre></div>
	<p>Users group can be either <b>ADMIN</b>, <b>DATA_STEWARD</b> OR <b>DATA_SCIENTIST</b></p>
	<p><b>Note</b>:-password is encoded with sha256 encoding method and can be generated using unix tool.</p>
	<p>For e.g.</p>
	<div class="source">
	<pre>
	echo -n "Password" \| sha256sum
	e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a -

	</pre></div></div>
	<div class="section">
	<h5><a name="Kerberos_Method."></a>Kerberos Method.</h5>
	<p>To enable the authentication in Kerberos mode in Atlas, set the property <tt>atlas.authentication.method.kerberos</tt> to true in <tt>atlas-application.properties</tt></p>
	<div class="source">
	<pre>
	atlas.authentication.method.kerberos = true

	</pre></div>
	<p>Also following properties should be set.</p>
	<div class="source">
	<pre>
	atlas.authentication.method.kerberos.principal=<principal>/<fqdn>@EXAMPLE.COM
	atlas.authentication.method.kerberos.keytab = /<key tab filepath>.keytab
	atlas.authentication.method.kerberos.name.rules = RULE:[2:$1@$0](atlas@EXAMPLE.COM)s/.*/atlas/

	</pre></div></div>
	<div class="section">
	<h5><a name="LDAP_Method."></a>LDAP Method.</h5>
	<p>To enable the authentication in LDAP mode in Atlas, set the property <tt>atlas.authentication.method.ldap</tt> to true and also set Ldap type to property <tt>atlas.authentication.method.ldap.type</tt> to LDAP or AD in <tt>atlas-application.properties</tt>. Use AD if connecting to Active Directory.</p>
	<div class="source">
	<pre>
	atlas.authentication.method.ldap=true
	atlas.authentication.method.ldap.type=ldap\|ad

	</pre></div>
	<p>For LDAP or AD the following configuration needs to be set in atlas application properties.</p>
	<p><b>Active Directory</b></p>
	<div class="source">
	<pre>
	atlas.authentication.method.ldap.ad.domain= example.com
	atlas.authentication.method.ldap.ad.url=ldap://<AD server ip>:389
	atlas.authentication.method.ldap.ad.base.dn=DC=example,DC=com
	atlas.authentication.method.ldap.ad.bind.dn=CN=Administrator,CN=Users,DC=example,DC=com
	atlas.authentication.method.ldap.ad.bind.password=<password>
	atlas.authentication.method.ldap.ad.referral=ignore
	atlas.authentication.method.ldap.ad.user.searchfilter=(sAMAccountName={0})
	atlas.authentication.method.ldap.ad.default.role=ROLE_USER

	</pre></div>
	<p><b>LDAP Directroy</b></p>
	<div class="source">
	<pre>
	atlas.authentication.method.ldap.url=ldap://<Ldap server ip>:389
	atlas.authentication.method.ldap.userDNpattern=uid={0],ou=users,dc=example,dc=com
	atlas.authentication.method.ldap.groupSearchBase=dc=example,dc=com
	atlas.authentication.method.ldap.groupSearchFilter=(member=cn={0},ou=users,dc=example,dc=com
	atlas.authentication.method.ldap.groupRoleAttribute=cn
	atlas.authentication.method.ldap.base.dn=dc=example,dc=com
	atlas.authentication.method.ldap.bind.dn=cn=Manager,dc=example,dc=com
	atlas.authentication.method.ldap.bind.password=<password>
	atlas.authentication.method.ldap.referral=ignore
	atlas.authentication.method.ldap.user.searchfilter=(uid={0})
	atlas.authentication.method.ldap.default.role=ROLE_USER

	</pre></div></div>
	<div class="section">
	<h4><a name="Authorization"></a>Authorization</h4></div>
	<div class="section">
	<h5><a name="Atlas_Authorization_Methods_SimpleRanger"></a>Atlas Authorization Methods [Simple/Ranger]</h5>
	<p>To set authorization in atlas, update the <tt>atlas.authorizer.impl</tt> properties in <tt>atlas-application.properties</tt></p>
	<ul>
	<li><b>Simple</b></li>
	<li><b>Ranger</b></li></ul>
	<div class="source">
	<pre>
	atlas.authorizer.impl=simple \| ranger \| <Qualified Authorizer Class Name>

	</pre></div></div>
	<div class="section">
	<h5><a name="Simple_Authorizer."></a>Simple Authorizer.</h5>
	<p>In Simple Authorizer the policy store file is configured locally. The path of policy store file is set in <tt>atlas.auth.policy.file</tt> property of <tt>atlas-application.properties</tt></p>
	<div class="source">
	<pre>
	atlas.auth.policy.file={{conf_dir}}/policy-store.txt

	</pre></div>
	<p>The policy store file format is as follows:</p>
	<div class="source">
	<pre>
	Policy_Name;;User_Name:Operations_Allowed;;Group_Name:Operations_Allowed;;Resource_Type:Resource_Name

	</pre></div>
	<p>eg. of admin policy:</p>
	<div class="source">
	<pre>
	adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:,entity:,operation:,taxonomy:,term:*

	</pre></div>
	<p>Note : The User_Name, Group_Name and Operations_Allowed are comma(,) separated lists.</p>
	<p>Authorizer Resource Types:</p>
	<ul>
	<li>Operation</li>
	<li>Type</li>
	<li>Entity</li>
	<li>Taxonomy</li>
	<li>Term</li>
	<li>Unknown</li></ul>
	<p>Operations_Allowed are r = read, w = write, u = update, d = delete</p></div>
	<div class="section">
	<h5><a name="Ranger_Authorizer."></a>Ranger Authorizer.</h5>
	<p>Ranger Authorizer is enabled by activating Atlas-Ranger plugin from Ambari.</p>
	<p>For more details visit the <a class="externalLink" href="http://ranger.apache.org/">Apache-Ranger documentation</a>.</p></div>
	</div>
	</div>

	<hr/>

	<footer>
	<div class="container">
	<div class="row span12">Copyright © 2015-2017
	<a href="http://www.apache.org">Apache Software Foundation</a>.
	All Rights Reserved.

	</div>


	<p id="poweredBy" class="pull-right">
	<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy">
	<img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" />
	</a>
	</p>

	</div>
	</footer>
	</body>
	</html>