Hi, I'm trying to document introductory-level security requirements for Trafodion, both runtime and during provisining (installation/upgrade/resizing/removal).
This is what I have for runtime: The `trafodion:trafodion` user ID is created as part of the installation process. Trafodion runs under this ID, which must be registered as a user in the Hadoop Distributed File System (HDFS) to store and access objects in HDFS, HBase, and Hive. In addition, the `trafodion` user ID required passwordless access among the nodes where Trafodion is installed to run cross-node Trafodion functions such as scripts. Trafodion requires that either HDFS ACLs or Kerberos is enabled. Trafodion users are managed by the Trafodion SQL security features (grant, revoke, etc.), which can be integrated with LDAP if so desired. These users are referred to as *database users* and do not have direct access to the operating system. What did I miss? What did I get wrong? -- Thanks, Gunnar *If you think you can you can, if you think you can't you're right.*
