For the sake of creating POC, i have create local groups in the policy file sentry-provider.ini
[databases] # Defines the location of the per DB policy file for the customers DB/schema dw_arcticblue_staging = hdfs://quickstart.cloudera:8020/home/cloudera/Desktop/dw_arcticblue_staging_policy.ini [groups] # Assigns each Hadoop group to its set of roles group1 = analyst_role group2 = admin_role group3 = analyst_role[users] user1 = group1, group2, group3 user2 = group2, group3 [roles] # The uris below define a define a landing skid which # the user can use to import or export data from the system. # Since the server runs as the user "hive" files in that directory # must either have the group hive and read/write set or # be world read/write. analyst_role = server=server1->db=dw_arcticblue_staging ->table=*->action=select admin_role = server=server1->db=dw_arcticblue_staging ->table=*->action=select, \ server=server1->db=dw_arcticblue_staging ->table=*->action=Insert # Implies everything on server1 -> customers. Privileges for # customers can be defined in the global policy file even though # customers has its only policy file. Note that the Privileges from # both the global policy file and the per-DB policy file # are merged. There is no overriding. arcticeblue_admin_role = server=server1->db=dw_arcticblue_staging # Implies everything on server1. admin_role = server=server1 DW_ArcticBlue_staging_policy.ini [groups] group1 = dw_all_access [roles] dw_all_acess = server = NirvanaServer -> db = dw_arcticblue_staging -> table = * -> action = Insert,\ server = NirvanaServer -> db = dw_arcticblue_staging -> table = * -> action = Select
I have updated all configurations in hive and yarn as recommended. Few things which i dont understand
Any help how to test the authorization using sentry on hive???