Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

difference between Ranger and sentry


difference between Ranger and sentry

how does sentry differ from ranger ? what are the things We can not achieve with using sentry and that is achievable from ranger and vice-versa.


Re: difference between Ranger and sentry


@Anurag Mishra

Having used both Ranger and Sentry to build security over clusters, I can tell you Sentry was the weak link in Cloudera offering.

The Apache Ranger

It is a framework to enable, monitor and manage data security across the Hadoop platform. It provides a centralized security administration, access control and detailed auditing for user access within the Hadoop, Hive, HBase and other Apache components. This Framework has the vision to provide comprehensive security across the Apache Hadoop ecosystem. Because of Apache YARN, the Hadoop platform can now support a true data lake architecture. The data security within Hadoop needs to evolve to support multiple use cases for data access while providing a framework for the central administration of security policies and monitoring of user access.

I can't enumerate all the advantages of Ranger over Sentry but here are a few

  • The latest version has plugins for most of the components in the Hadoop ecosystem.(Hive, HDFS, YARN, Kafka, etc)
  • You can extend the functionality by writing your own UDF's like [Geolocalised based policies]
  • It has time-based rules.
  • Data masking (PII, HIPAA compliance for GDPR).



Personally, I find it rudimentary just like the Oracle Role-Based Access Control security where you create a role, grant this particular role some privileges and give the role to a user. This is quite cumbersome and a security management nightmare


You will need to extensively read about the 2 solutions one of the reasons there was a merger was the solid security Hortonworks provided combined with governance with Atlas that Cloudera was lacking.

Don't have an account?
Coming from Hortonworks? Activate your account here