I have configured Apache Sentry using Cloudera Manager in my machine, can anyone explain start up commands to work with Apache Sentry - Cloudera?
Asked
Active
Viewed 894 times
1
-
Are you done with strong authentication like kerberos.? – rbyndoor Jul 01 '15 at 15:51
-
yeah .. can i know the login in command as well as few commands to start up with sentry – jyotsna Jul 02 '15 at 11:18
-
Can anyone help working with apache sentry ? – jyotsna Jul 16 '15 at 11:13
1 Answers
1
for which services do you want to configure authorization via Sentry ? ..and which version of CM/CDH are you using ?
You can start creating policies either by using Hue's 'Security' menu, or by using commandline interfaces like e.g. beeline (to create policies for Hive/Impala), or solrctl sentry command for SOLR....depends on which service you want to handle. Recent versions of Sentry and CDH-Kafka can also manage Kafka ACLs.
Sentry uses the group-mapping mechanism from underlying Linux box, hence groups known in the OS can be used to grant permissions via Sentry. Sentry follows RBAC (role based access control), means you first create role(s), then grant privileges to those role(s) and then link group(s) to your role(s).
Sample scenario: create an admin user in the CDH sandbox
beeline -n cloudera -u "jdbc:hive2://quickstart.cloudera:10000/default"
create role sentry_admin;
GRANT ALL ON SERVER server1 TO ROLE sentry_admin;
GRANT ROLE sentry_admin TO GROUP cloudera;
# add group cloudera to Sentry property "sentry.service.admin.group", so that user 'cloudera' can administrate privileges/roles/..
A more detailled explanation can be found here: https://www.cloudera.com/documentation/enterprise/5-8-x/topics/sg_sentry_overview.html
HTH...
GeKo
- 141
- 2
- 11