How Guardian 5.0 Revolutionizes Big Data Security with Multi‑Granular Permissions

Multi‑Granular Permission Management

Guardian 5.0 adds new permissions and optimizes permission settings, offering multiple granularity levels. It provides a unified RBAC model for components such as HDFS, YARN, Inceptor, Hyperbase, Workflow, and Midas. Service‑level ACCESS permission ensures users can access a service only if they hold the ACCESS right.

Dynamic service administrator settings replace the old static super‑admin configuration, enabling finer‑grained control. For services like Inceptor, Guardian supports coarse‑grained global and database permissions, as well as finer‑grained table, row, and column permissions.

Resource Control

Integrated with Inceptor Scheduler, Guardian 5.0 offers fine‑grained resource control, allowing administrators to set per‑user queue limits, CPU allocations, queue weights, and SQL submission caps. It also provides configuration interfaces for HDFS quotas, YARN queues, Inceptor databases/tables, and Discover user quotas, visualizing cluster resource usage.

Operations Simplification

Guardian 5.0 uses a Java‑based ApacheDS single service to implement standard LDAP and Kerberos authentication, replacing the previous OpenLDAP+Kerberos setup and simplifying deployment while improving authentication efficiency.

All component permission data is stored centrally in ApacheDS, allowing permission and quota settings even when services are abnormal or offline, decoupling resource management from service status. A friendly logging system and clear error messages further reduce operational difficulty.

Transwarp Manager 5.0 adds one‑click installation, master‑slave backup, role migration, and status monitoring, ensuring convenient deployment and secure user/permission data.

Summary and Outlook

This article highlighted Guardian 5.0’s new features: independent service architecture, unified LDAP/Kerberos/JWT authentication, enhanced ARBAC model, one‑stop resource management, improved REST/Web APIs, and streamlined operations. Future work includes permission penetration across services, broader support for Zookeeper, Kafka, and Rubik, and continued development of a comprehensive, easy‑to‑use big‑data security solution.