apache-sentry

问题 We just upgraded from CDH 5.3.6 to 5.10.0, and started getting errors when trying to write to Kafka topics. We have the default settings on everything, no SSL or Kerberos authentication enabled. When use the console producer to write to one of my topics, I get this error: /usr/bin/kafka-console-producer --broker-list=myhost1.dev.com:9092,myhost2.dev.com:9092 --topic test 17/03/06 21:00:57 INFO utils.AppInfoParser: Kafka version : 0.10.0-kafka-2.1.0 17/03/06 21:00:57 INFO utils.AppInfoParser:

问题 I have configured the Hive Authorization though Sentry and did all the needed changes. One of the change is to Disable HiveServer2 Impersonation by setting below property: hive.server2.enable.doAs to false This is mandatory requirement for Sentry as mention in cloudera Doc here. So what is the need for doing that as it is a very standard requirements wrt BI tools. Where one user will be launching the application and that will be impersonating the logged in user. Please let me know if there is

问题 I have a cluster running with cdh-5.7.0 and configured the following setup hadoop with kerberos hive with LDAP authentication hive with sentry authorization (rules stored in JDBC derby) My goal is to restrict users to see which databases exist in my system. E.g.: User-A should only see database DB-A when execute show databases User-B should only see database DB-B when execute show databases I followed the article https://blog.cloudera.com/blog/2013/12/how-to-get-started-with-sentry-in-hive/