Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive authorization with ACLs without sentry

Hive authorization with ACLs without sentry

Rising Star



Is there any way to authorize hive databases based on HDFS ACLs and AD instead of using sentry? I know it would be difficult to maintain all roles. will it be possible atleast for small scale ?

Sathish (Satz)

Re: Hive authorization with ACLs without sentry

Cloudera Employee

The short answer is no.


The problem is that HDFS ACLs protect the data in HDFS, but it does nothing to protect the metadata inside the Hive metastore.  Sentry comes with a plugin for the Hive Metastore Server that is used for exactly that purpose.


You didn't clarify what you meant by AD.  AD is a lot of things, and specifically for this conversation it could be the mechanism that provides group memberships, and/or it could be LDAP authentication for HiveServer2.  Neither of these things are a substitute for Sentry, but rather, complementary pieces to integrate better with your enterprise infrastructure.

Don't have an account?
Coming from Hortonworks? Activate your account here