Hi,
Unless it has changed since I last used sentry (which is possible), it is a little different than how ranger works.
In ranger you can explicitely defined security rules for HDFS.
In Sentry, there is a plugin that synchronize the Hive/Impala security rules with HDFS ACLs (on a list of HDFS directories). What does it means ?
- If you grant "SELECT" permissions on a table for a group, then it will give "read" permission on HDFS on the folder of that table.
- If you grant "INSERT" permissions on a database for a group, then it will give "write" permission on HDFS on the root folder of the database.
- etc.
https://www.cloudera.com/documentation/enterprise/latest/topics/sg_hdfs_sentry_sync.html
regards,
Mathieu