Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Create Select Only user in HUE / Impala without enabling Sentry

Create Select Only user in HUE / Impala without enabling Sentry

New Contributor

Hello Everyone,

 

Is there a way to permit SELECT only impala queries in HUE without enabling and configuring Sentry service? (maybe in OS level)

The problem with enabling Sentry is that I have to first enable Kerberos and before that renaming some of my nodes.

There is the option to enable Sentry testing mode but Cloudera does not recommend that in production environments.

2 REPLIES 2
Highlighted

Re: Create Select Only user in HUE / Impala without enabling Sentry

Sentry testing mode would be your only option that I can think of.

 

The problem with using Sentry without Kerberos or LDAP authentication is that it doesn't provide any real security since the client isn't authenticated. So we don't recommend in production because it provides the illusion of security but no security.

Highlighted

Re: Create Select Only user in HUE / Impala without enabling Sentry

New Contributor

Thank you for your reply Tim.

 

Just to clarify, security-wise, are we better off with our current configuration (default), with sentry service disabled, or with sentry enabled in testing mode?

 

You mentioned that sentry in testing mode does not authenticate the clients, but in the documentation it is mentioned that testing mode uses weaker authentication mechanisms.

 

We need this in order to prevent our analysts from doing accidental writes, drops, etc. on the data.

 

Our cluster is in a secure isolated environment.

 

 

Don't have an account?
Coming from Hortonworks? Activate your account here