Support Questions
Find answers, ask questions, and share your expertise

How to test the local groups created in Sentry policy file

How to test the local groups created in Sentry policy file

For the sake of creating POC, i have create local groups in the policy file sentry-provider.ini

[databases]
# Defines the location of the per DB policy file for the customers DB/schema 
dw_arcticblue_staging = hdfs://quickstart.cloudera:8020/home/cloudera/Desktop/dw_arcticblue_staging_policy.ini 

[groups]
# Assigns each Hadoop group to its set of roles 
group1 = analyst_role
group2 = admin_role 
group3 = analyst_role[users]
user1 = group1, group2, group3
user2 = group2, group3

[roles]
# The uris below define a define a landing skid which
# the user can use to import or export data from the system.
# Since the server runs as the user "hive" files in that directory
# must either have the group hive and read/write set or
# be world read/write.
analyst_role = server=server1->db=dw_arcticblue_staging ->table=*->action=select 
admin_role = server=server1->db=dw_arcticblue_staging ->table=*->action=select, \ 
server=server1->db=dw_arcticblue_staging ->table=*->action=Insert

# Implies everything on server1 -> customers. Privileges for
# customers can be defined in the global policy file even though 
# customers has its only policy file. Note that the Privileges from
# both the global policy file and the per-DB policy file
# are merged. There is no overriding.
arcticeblue_admin_role = server=server1->db=dw_arcticblue_staging 

# Implies everything on server1.
admin_role = server=server1

DW_ArcticBlue_staging_policy.ini

[groups]
group1 = dw_all_access

[roles]
dw_all_acess = server = NirvanaServer -> db = dw_arcticblue_staging -> table = * -> action = Insert,\ 
server = NirvanaServer -> db = dw_arcticblue_staging -> table = * -> action = Select

I have updated all configurations in hive and yarn as recommended. Few things which i dont understand

  1. How to test the user1,user2 that whether they are authorized or not ? I want to test from hive / impala cli .User1, User2 etc created in the policy file are not real users to login with.
  2. We need to create a HDFS sentry-provider.ini file. How we could create ini file in linux? i did not find any relevant document

Any help how to test the authorization using sentry on hive???

2 REPLIES 2

Re: How to test the local groups created in Sentry policy file