Configure Sentry and Hive for File-based Storage Mode

These instructions explain how to configure Hive to use Sentry in file-based storage mode.

Warning: When Sentry operates in file-based storage mode, it works as a batch of java-libraries that are used by Hive. It does not run as a service and is not integrated with Warden or with the MapR Control System. Sentry only runs as a service when you choose the database storage model.
  1. Edit the hive-site.xml file (located at /opt/mapr/hive/hive-<version>/conf) and set properties as shown:
    <property>
      <name> hive.server2.session.hook </name>
      <value> org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook </value>
    </property>
     
    <property>
      <name> hive.sentry.conf.url </name>
      <value> file:///opt/mapr/sentry/sentry-<version>/conf/sentry-site.xml </value>
      <description> sentry-site.xml file location </description>
    </property>
     
    <property>
      <name> hive.metastore.execute.setugi </name>
      <value> true </value>
    </property>
  2. Edit the sentry-site.xml file and set properties as shown:
    <property>
      <name> sentry.hive.provider.backend </name>
      <value> org.apache.sentry.provider.file.SimpleFileProviderBackend </value>
      <description> The privilege provider to be used (either file-based or db-based). </description>
    </property>
      
    <property>
      <name> sentry.hive.provider.resource </name>
      <value> file:///opt/mapr/sentry/sentry-<version>/conf/global-policy.ini </value>
      <description> Provides location of the policy file. If the policy file is in MAPR-FS, then the URL should start from next schema: 'maprfs:///'. </description>
    </property>