Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Sentry service configuration: local group mapping

Highlighted

Sentry service configuration: local group mapping

Explorer

Hi!

 

Sentry service configuration page on the Cloudera web site contains incorrect information that describes local group mapping. The cloudera page mentions a reference like this

<property>
<name>hive.sentry.provider</name>
<value>org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider</value>
</property>

 

But in fact I found that Sentry service expects following parameters:

<property>
<name>sentry.store.group.mapping</name>
<value>org.apache.sentry.provider.file.LocalGroupMappingService</value>
</property>

<property>
<name>sentry.store.group.mapping.resource</name>
<value>/var/lib/sentry/sentry-provider.ini</value>
</property>

 

Mentioned parameters is not possible to manage using CM interface (but safety valve only)

 

Another inconsistence is that sentry.store.group.mapping.resourse interpreted as local file (not HDFS)

When prefixed with protocol (hdfs://....) in case of Kerberos environment some additional Kerberos principals should be added to the safety valve.

 

Don't have an account?
Coming from Hortonworks? Activate your account here