This is weird, Hive and Generic privileges are separated at the Thrift level so Kafka should send different Thrift calls which should return different results. This can be a bug though. Doesn't look like some that comes from configuration.
On Wed, Jun 28, 2017 at 4:19 AM, Colm O hEigeartaigh <[email protected]> wrote: > Hi all, > > This must be a simple question but I can't find the answer anywhere. I have > a Sentry Service with some (test) privileges for both Hive + Kafka: > > > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t hive > server=* > > > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t kafka > HOST=*->CLUSTER=kafka-cluster->action=all > > However, when my Kafka broker attempts to get the privileges for the > "admin" group it returns the Hive privilege: > > [2017-06-28 11:02:38,952] DEBUG result = [server=*] > (org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine) > > How do I configure my "sentry-site.xml" on the Kafka side to instead return > the Kafka privilege? > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
