If you have not seen this, here is an interesting example of how Sentry has been leveraged to provide unified authorization across Hadoop data access paths.
Additional information on the architecture, use cases, and performance is available in this blog post: http://blog.cloudera.com/blog/2015/09/recordservice-for-fine-grained-security-enforcement-across-the-hadoop-ecosystem/ Thanks, Lenni ---------- Forwarded message ---------- From: Ana Krasteva <[email protected]> Date: Mon, Sep 28, 2015 at 7:37 AM Subject: RecordService Beta Released To: [email protected], [email protected], [email protected], [email protected] We are happy to announce the beta release of RecordService, a new core security layer that centrally enforces fine-grained access control policy, using a new abstraction layer between compute frameworks and data storage. Complementing Apache Sentry, which provides unified policy management, Cloudera now delivers unified row- and column-based security, and dynamic data masking, to every Hadoop access path. This combination of RecordService and Sentry allow security administrators to define fine-grained access control policies that will be uniformly enforced for Impala, Spark, Pig, Hive, MapReduce and Solr, with no performance loss. The benefits of RecordService include: Security - Fine-grained data permissions and enforcement across Hadoop - Leverage existing investments in Sentry Interoperability - Simpler coding for Spark and MapReduce jobs, as clients no longer need to be aware of on-disk format. - Supports a wide variety of compute frameworks (such as Spark, MapReduce and Pig) and storage managers (such as HDFS and S3) Performance/Efficiency - Performance boosted via the Impala optimized scanner, dynamic code generation, and Parquet implementation - Use projections over original source datasets instead of making many copies/subsets RecordService already has an extensive set of capabilities, but there’s still considerable work to be done and we’d appreciate your help. RecordService is Apache Licensed open source and a transition to the Apache Software Foundation is planned. As part of the open beta, we encourage the community to try it out. Here is how you can get started: - Access the download of RecordService from HERE <http://www.cloudera.com/content/cloudera/en/downloads/betas/recordservice/0-1-0.html> . - You may either use the RecordService beta Virtual Machine (VM), or install RecordService on an existing test cluster (CDH 5.4.0 or higher) - Review the RecordService documentation HERE <http://cloudera.github.io/RecordServiceClient/>. As with other beta software, RecordService is not yet ready to be used in production Hadoop clusters, and will be supported on a best-effort basis. We look forward to hearing about your experiences with RecordService. Once you get started, use the RecordService-specific user group <https://groups.google.com/forum/#!forum/recordservice-user> to ask questions and provide feedback. You can also send your comments and suggestions through our community forums <http://community.cloudera.com/t5/Beta-Releases/bd-p/Beta>. Ana Krasteva Cloudera Program Manager -- You received this message because you are subscribed to the Google Groups "RecordService-User" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/recordservice-user/CALmU9X41y2gbci_Mq3V46a2mKd8v5kyJ3D5_GfL2uutKbrECXQ%40mail.gmail.com <https://groups.google.com/d/msgid/recordservice-user/CALmU9X41y2gbci_Mq3V46a2mKd8v5kyJ3D5_GfL2uutKbrECXQ%40mail.gmail.com?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/d/optout.
