Support Questions
Find answers, ask questions, and share your expertise

Sentry :: Enabling Sentry for Hive

Highlighted

Sentry :: Enabling Sentry for Hive

Explorer

Hello,

 

I have CDH 5.2 installed on a 2 node cluster. I also have an OpenLDAP server setup separately. I was successful in configuring Hive with LDAP.  I've used the 'LDAP' protocol (ldap://hostname:389 and not ldaps://hostname:636). I'm trying to enable Sentry with Hive now. LDAP was configured with Hive as it seems to be a pre-requisite. I donot have Kerberos enabled. I'm have set sentry.hive.testing.mode to true in sentry-site.xml so that I can skip enabling kerberos for the time being.

My question is:

1. Can sentry be enabled with ldap? or is ldaps required to enable sentry?

2. Could you please give me some documentation or links which will help me in enabling sentry for Hive? any or all sources will be helpful.

 

Any information will be helpful.

 

Thanks and Regards,

Gaurav

1 REPLY 1
Highlighted

Re: Sentry :: Enabling Sentry for Hive

Expert Contributor

LDAP can be enabled with sentry,FOR LDAPS you will need ssl key and certificate which is the next step.(For security purposes).

 

Secondly to enable sentry with hive/impala you need to have an admin user,check in allowed.users property in impala,sentry configurations.

You will get to know which users have the privilege to bypass the sentry authorization so that you can give roles and privileges to other users using an admin user.

 

Go to impala shell by switching to that admin user.I tried with impala

 

-->su impala

 

--->impala-shell

 

Grant roles and privileges using sql statements .Take a look at this url

 

http://www.cloudera.com/content/cloudera/en/documentation/core/v5-2-x/topics/sg_hive_sql.html