Sentry :: Enabling Sentry for Hive

guptagaurav · ‎12-31-2014

Hello,

I have CDH 5.2 installed on a 2 node cluster. I also have an OpenLDAP server setup separately. I was successful in configuring Hive with LDAP. I've used the 'LDAP' protocol (ldap://hostname:389 and not ldaps://hostname:636). I'm trying to enable Sentry with Hive now. LDAP was configured with Hive as it seems to be a pre-requisite. I donot have Kerberos enabled. I'm have set sentry.hive.testing.mode to true in sentry-site.xml so that I can skip enabling kerberos for the time being.

My question is:

1. Can sentry be enabled with ldap? or is ldaps required to enable sentry?

2. Could you please give me some documentation or links which will help me in enabling sentry for Hive? any or all sources will be helpful.

Any information will be helpful.

Thanks and Regards,

Gaurav

HDFS · ‎01-05-2015

LDAP can be enabled with sentry,FOR LDAPS you will need ssl key and certificate which is the next step.(For security purposes).

Secondly to enable sentry with hive/impala you need to have an admin user,check in allowed.users property in impala,sentry configurations.

You will get to know which users have the privilege to bypass the sentry authorization so that you can give roles and privileges to other users using an admin user.

Go to impala shell by switching to that admin user.I tried with impala

-->su impala

--->impala-shell

Grant roles and privileges using sql statements .Take a look at this url

http://www.cloudera.com/content/cloudera/en/documentation/core/v5-2-x/topics/sg_hive_sql.html

Sentry :: Enabling Sentry for Hive

Sentry :: Enabling Sentry for Hive

Re: Sentry :: Enabling Sentry for Hive