
Difference between Ranger and Sentry


How does Sentry differ from Ranger? What are the things we cannot achieve using Sentry that are achievable with Ranger, and vice versa?

1 REPLY

Master Mentor

@Anurag Mishra

Having used both Ranger and Sentry to build security over clusters, I can tell you Sentry was the weak link in Cloudera's offering.


The Apache Ranger

It is a framework to enable, monitor and manage data security across the Hadoop platform. It provides centralized security administration, access control and detailed auditing for user access within Hadoop, Hive, HBase and other Apache components. This framework has the vision to provide comprehensive security across the Apache Hadoop ecosystem. Because of Apache YARN, the Hadoop platform can now support a true data lake architecture. The data security within Hadoop needs to evolve to support multiple use cases for data access while providing a framework for the central administration of security policies and monitoring of user access.

I can't enumerate all the advantages of Ranger over Sentry, but here are a few:

  • The latest version has plugins for most of the components in the Hadoop ecosystem (Hive, HDFS, YARN, Kafka, etc.).
  • You can extend the functionality by writing your own UDFs, like geolocation-based policies.
  • It has time-based rules.
  • Data masking (PII, HIPAA compliance for GDPR).

Ref: https://hortonworks.com/apache/ranger/

Sentry

Personally, I find it rudimentary, just like the Oracle Role-Based Access Control security, where you create a role, grant this particular role some privileges and give the role to a user. This is quite cumbersome and a security management nightmare.


Ref: https://www.cloudera.com/documentation/enterprise/5-6-x/topics/sg_sentry_overview.html#concept_bp4_t...

You will need to read extensively about the 2 solutions. One of the reasons there was a merger was the solid security Hortonworks provided, combined with governance with Atlas, that Cloudera was lacking.