Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Enable sentry since users have access to all schemas and table objects

Enable sentry since users have access to all schemas and table objects

New Contributor

We are on CDH 5.7.1, kerberos enabled, now Ad users can access the hue editor to view database schemas and run queries on hiv / impala.

 

The problem is users have access to all schemas / table objects,

 

Want to enable the sentry on HIVE.

 

Question: we are using Winbind (kerberos) can we enable the sentry. i read on enabling sentry article that cloudera does'nt support sentry on winbind.

 

will it work, can we be able to enable sentry. since cloudera says winbind has security issues, for that they don't support.

 

Thanks a lot for the helpful info.

 

1 REPLY 1

Re: Enable sentry since users have access to all schemas and table objects

Rising Star
Hi,
If you've successfully configured winbind and are able to manage users on your cluster using this then there sentry ought to work. That said, as you pointed out it's not a supported cluster configuration. The quote below is taken from Cloudera's documentation and explains why this is the case:

"Cloudera does not support the use of Winbind in production environments. Winbind uses an inefficient approach to user/group mapping, which may lead to low performance or cluster failures as the size of the cluster, and the number of users and groups increases."

Regards,
Jim