MapR 5.0 Documentation : Sentry

Apache Sentry is an authorization module for Hadoop that provides the granular, role-based authorization required to give authenticated users and applications precise levels of access. Sentry allows users to see only those objects for which they have privileges.

Storage Models

Sentry supports two models for storing privileges and roles:

  • Database storage (preferred)
    As of Sentry 1.6-1602, you can configure Sentry to use the database storage mode. In this mode, the Sentry service provides access to read and maintain privileges and roles stored in a database.

  • File-based storage
    Privileges and roles are read from and maintained in a policy file (global-policy.ini), which you can store on MapR-FS. The following diagram illustrates the architecture of the file-based storage model:

Privileges

Privileges are granted on different objects in the schema, including tables, databases, URIs and servers. The object hierarchy is set up like this, where objects inherit privileges from objects above them in the hierarchy:
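The following added example is not part of the MapR documentation or Sentry's own code: it is a simplified Python model of how a file-based policy (the [groups] and [roles] sections of a Sentry policy file such as global-policy.ini) combines with the privilege inheritance described above. The group, role, server and object names are constructed, a grant without an action part is assumed to mean all actions, and wildcard and URI-prefix matching are left out.

```python
import configparser

# Constructed sample in the Sentry policy-file layout; all names are made up.
SAMPLE_POLICY = """
[groups]
analysts = sales_read
etl = sales_write, landing_uri
admins = server_admin

[roles]
sales_read = server=server1->db=sales->table=orders->action=select
sales_write = server=server1->db=sales
landing_uri = server=server1->uri=maprfs:///landing/sales
server_admin = server=server1
"""

def parse_privilege(text):
    """Split 'server=s->db=d->table=t->action=a' into (object path, action)."""
    parts = []
    for part in text.split("->"):
        key, value = part.split("=", 1)
        parts.append((key.strip().lower(), value.strip()))
    action = "all"  # assumption: no action part means every action
    if parts[-1][0] == "action":
        action = parts.pop()[1].lower()
    return parts, action

def load_policy(text):
    """Return (group -> role names, role -> list of parsed privileges)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep group and role names case-sensitive
    cp.read_string(text)
    groups = {g: [r.strip() for r in v.split(",")] for g, v in cp["groups"].items()}
    roles = {r: [parse_privilege(p) for p in v.split(",")] for r, v in cp["roles"].items()}
    return groups, roles

def is_allowed(policy, group, obj, action):
    """True if a role of `group` holds a grant on `obj` or on an object above it."""
    groups, roles = policy
    want, _ = parse_privilege(obj)
    for role in groups.get(group, []):
        for path, granted in roles.get(role, []):
            inherited = want[:len(path)] == path  # grant sits at or above obj
            if inherited and granted in ("all", "*", action.lower()):
                return True
    return False

POLICY = load_policy(SAMPLE_POLICY)
```

A grant on a database or server covers the tables beneath it, while a table-level grant never extends upward to the database or sideways to sibling tables.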

 

Feature Support

  • HDFS ACLs are not supported.

  • As of MapR’s Sentry 1.6-1602, the database storage mode is supported. It was not supported in the Sentry 1.4.0-1412 release.
