02-16-2016 08:04 AM
Is there any way to authorize hive databases based on HDFS ACLs and AD instead of using sentry? I know it would be difficult to maintain all roles. will it be possible atleast for small scale ?
02-28-2016 04:16 PM
The short answer is no.
The problem is that HDFS ACLs protect the data in HDFS, but it does nothing to protect the metadata inside the Hive metastore. Sentry comes with a plugin for the Hive Metastore Server that is used for exactly that purpose.
You didn't clarify what you meant by AD. AD is a lot of things, and specifically for this conversation it could be the mechanism that provides group memberships, and/or it could be LDAP authentication for HiveServer2. Neither of these things are a substitute for Sentry, but rather, complementary pieces to integrate better with your enterprise infrastructure.