[jira] [Commented] (SENTRY-432) Synchronization of HDFS permissions with Sentry permissions

Wed, 12 Nov 2014 23:52:21 -0800 

    [ 
https://issues.apache.org/jira/browse/SENTRY-432?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209455#comment-14209455
 ] 

Lenni Kuff commented on SENTRY-432:
-----------------------------------

Thanks for this change [~asuresh], this is an significant improvement that will 
help a lot with Sentry interoperability and usability. 

Precommit Run:
https://builds.apache.org/view/S-Z/view/Sentry/job/PreCommit-SENTRY-Build/22/

Change committed to master as: 
commit 2e509e4bc4f06e1c207d5702aad55b290ef390a4
Author: Lenni Kuff <[email protected]>
Date:   Wed Nov 12 22:58:53 2014 -0800

    SENTRY-432: Synchronization of HDFS permissions to Sentry permissions (Arun 
Suresh via Lenni Kuff)
    
    This change adds support for synchronizing HDFS permissions with 
permissions stored in
    Sentry. This makes it easy to share data across components (Hive/Impala, 
MR, Spark, etc)
    while managing all privileges in a centralized location - Sentry. This is 
done using new
    plugins to the HMS, HDFS, and Sentry. The HMS plugin pushes table/partition 
path information
    to the Sentry Service, the Sentry Service forwards the path information and 
all privilege
    updates, to the HDFS NameNode plugin, which caches this information and 
updates the ACLs
    accordingly.
    
    The mapping of Sentry privileges to HDFS privileges is:
    ALL -> Read/Write access to data files
    SELECT -> Read access to data files
    INSERT -> Write access to data files

> Synchronization of HDFS permissions with Sentry permissions
> -----------------------------------------------------------
>
>                 Key: SENTRY-432
>                 URL: https://issues.apache.org/jira/browse/SENTRY-432
>             Project: Sentry
>          Issue Type: Bug
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
>              Labels: sentry-hdfs
>         Attachments: SENTRY-432.1.patch, SENTRY-432.2.patch, 
> SENTRY-432.3.patch, sentry-hdfs-v1.pdf, sentry_hdfs.patch
>
>
> An HDFS file or directory that is associated with an Authorizable Object 
> managed by Sentry (Such as a HiveMetaStore table partition, a Solr/Search 
> collection/document or an HBase Table etc.) should have the permissions that 
> reflect those that were granted/revoked via Sentry. 
> This logic should be enforced by a Sentry Authorization Plugin which would be 
> an implementation of the HDFS AuthorizationProvider as described in 
> [HDFS-6826|https://issues.apache.org/jira/browse/HDFS-6826]
> This is an umbrella JIRA



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to