Actually it was my mistake. For "sentry.kafka.provider.backend" I was using "org.apache.sentry.provider.db.SimpleDBProviderBackend". When instead I use "org.apache.sentry.provider.db.generic.SentryGenericProviderBackend" it works fine.
Perhaps we should be logging an error if SimpleDBProviderBackend is used with anything other than Hive? Colm. On Wed, Jun 28, 2017 at 8:24 PM, Alexander Kolbasov <[email protected]> wrote: > This is weird, Hive and Generic privileges are separated at the Thrift > level so Kafka should send different Thrift calls which should return > different results. This can be a bug though. Doesn't look like some that > comes from configuration. > > On Wed, Jun 28, 2017 at 4:19 AM, Colm O hEigeartaigh <[email protected]> > wrote: > >> Hi all, >> >> This must be a simple question but I can't find the answer anywhere. I >> have >> a Sentry Service with some (test) privileges for both Hive + Kafka: >> >> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t hive >> server=* >> >> > ./sentryShell -conf ../sentry-site.xml -lp -r admin_role -t kafka >> HOST=*->CLUSTER=kafka-cluster->action=all >> >> However, when my Kafka broker attempts to get the privileges for the >> "admin" group it returns the Hive privilege: >> >> [2017-06-28 11:02:38,952] DEBUG result = [server=*] >> (org.apache.sentry.policy.kafka.SimpleKafkaPolicyEngine) >> >> How do I configure my "sentry-site.xml" on the Kafka side to instead >> return >> the Kafka privilege? >> >> Colm. >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
