Support Questions
Find answers, ask questions, and share your expertise

Hive authorization with ACLs without sentry

Hive authorization with ACLs without sentry

Rising Star



Is there any way to authorize hive databases based on HDFS ACLs and AD instead of using sentry? I know it would be difficult to maintain all roles. will it be possible atleast for small scale ?

Sathish (Satz)

Re: Hive authorization with ACLs without sentry

Cloudera Employee

The short answer is no.


The problem is that HDFS ACLs protect the data in HDFS, but it does nothing to protect the metadata inside the Hive metastore.  Sentry comes with a plugin for the Hive Metastore Server that is used for exactly that purpose.


You didn't clarify what you meant by AD.  AD is a lot of things, and specifically for this conversation it could be the mechanism that provides group memberships, and/or it could be LDAP authentication for HiveServer2.  Neither of these things are a substitute for Sentry, but rather, complementary pieces to integrate better with your enterprise infrastructure.