Authorization with Sentry

Arcadia Enterprise supports authorization using Sentry, based on the model described in Enabling Sentry Authorization for Impala. Arcadia Enterprise extends this model to work both with tables and with analytical views on all Arcadia connections.

Availability Note. This feature relates to Cloudera installations accessed through Arcadia Engine connections. See Arcadia Connections.

For commands and queries that reference analytical views, Arcadia Engine verifies authorization on the base table or logical view on which the analytical view was defined. There is no additional overhead of explicitly granting or managing access to analytical views.

Some of the commands and queries that either reference analytical views, or route to analytical views, do not support column-level authorization.

To access Kudu tables on Hive connections, if you need to bypass sentry authorization, perform the following steps on the Cloudera Manager interface.

  1. Log into Cloudera Manager and click Clusters in the top navigation menu.
  2. Under Arcadia Enterprise, click Configuration in the top menu bar.
  3. On the Configuration page, under Filters > Scope, click Hive (Service-Wide).
  4. In the main area of the interface, in the search box, enter the text bypass and start the search.
  5. In the Bypass Sentry Authorization Users field, click the (plus) icon on the right of the last text box, hdfs, to open a new text box.
    Opening a New Text Box for Arcadia Setting
    Opening a New Text Box for Arcadia Setting
  6. In the new text box, enter arcadia.
  7. Click Save Changes to save the configuration.
    Configuring Arcadia in Hive Settings
    Configuring Arcadia in Hive Settings
  8. Restart Arcadia Enterprise service and apply configuration changes.