
Sentry has two models: one is the file-based model and the second is the database model. I currently have a groups -> roles -> permissions mapping in the global policy file, as below:

[groups]
mapr = admin_role
analysts = analysts_role
reporters = reporters_role,globalreader_role
managers = managers_role

[roles]
admin_role = server=mydbserver
analysts_role = server=mydbserver->db=db1
reporters_role = server=mydbserver->db=db2
managers_role = server=mydbserver->db=*
globalreader_role = server=mydbserver->db=*->table=*->action=select

I want to switch to the database model to load the above policies instead of the file-based model. How can we prepopulate the following sentry_store database tables to achieve the authorization policy? I don't see any examples anywhere.

Tables in Sentry_Store database:

SENTRY_DB_PRIVILEGE          
SENTRY_GM_PRIVILEGE          
SENTRY_GROUP                 
SENTRY_ROLE                  
SENTRY_ROLE_DB_PRIVILEGE_MAP 
SENTRY_ROLE_GM_PRIVILEGE_MAP 
SENTRY_ROLE_GROUP_MAP        
SENTRY_VERSION 
Marc
srini

1 Answer


Since 1.4.0, Sentry can import configuration from a policy file using the config-tool. You just need to set HIVE_HOME to the path of your Hive installation first.

Usage example:

export HIVE_HOME=/opt/cloudera/parcels/CDH/lib/hive
sentry --command config-tool --import -i hdfs://namenode:8020/user/hive/sentry/sentry-provider.ini

This tool is documented in ASF JIRA.

Burrito
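When moving a policy file into the database model, it helps to write down what each group should end up with so the imported roles can be checked against it. The following is an added example, not code from the original posts or from the Sentry project: it flattens the policy file from the question into per-group privilege lists and marks privileges that are not limited to one named database. The function names are hypothetical.

```python
POLICY = """\
[groups]
mapr = admin_role
analysts = analysts_role
reporters = reporters_role,globalreader_role
managers = managers_role
[roles]
admin_role = server=mydbserver
analysts_role = server=mydbserver->db=db1
reporters_role = server=mydbserver->db=db2
managers_role = server=mydbserver->db=*
globalreader_role = server=mydbserver->db=*->table=*->action=select
"""  # policy text copied from the question; function names below are illustrative

def parse_policy(text):
    """Return {section: {key: [comma-separated values]}} for a policy file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is None or "=" not in line:
            raise ValueError(f"unparseable policy line: {raw!r}")
        else:
            key, value = line.split("=", 1)  # only the first '=' ends the key
            current[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return sections

def effective_privileges(policy):
    """Expand every group to the sorted set of privileges its roles carry."""
    roles_def, out = policy.get("roles", {}), {}
    for group, roles in policy.get("groups", {}).items():
        privs = set()
        for role in roles:
            if role not in roles_def:
                raise KeyError(f"group {group!r} uses undefined role {role!r}")
            privs.update(roles_def[role])
        out[group] = sorted(privs)
    return out

def is_server_wide(privilege):
    """True when the privilege is not scoped to a single named database."""
    parts = dict(p.split("=", 1) for p in privilege.split("->"))
    return parts.get("db", "*") == "*"

if __name__ == "__main__":
    for group, privs in effective_privileges(parse_policy(POLICY)).items():
        print(group, [(p, is_server_wide(p)) for p in privs])
```

A role that a group references but the [roles] section never defines raises an error here, which is worth catching before the import rather than after.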