You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Hao Hao <ha...@cloudera.com> on 2016/03/22 19:53:28 UTC
Sentry Graduation Blog
Hi All,
I drafted a gradation blog post for Sentry and attached here. Please feel
free to give recommendations and comments. Thanks a lot!
Best,
Hao
Sentry Graduation Blog
We are very excited to announce that Apache Sentry
<http://sentry.apache.org/> has graduated out of Incubator and is now an
Apache Top Level Project! Sentry, which provides centralized fine-grained
access control on metadata and data stored on Apache Hadoop cluster, is
introduced as an Apache Incubator project back in August 2013. In the past
two and half years, the development community grew significantly to a large
number of contributors from various organizations. Upon graduation, there
were more than 50 contributors, 31 of whom had become committers.
What’s Sentry
While Hadoop has strong security at the filesystem level, it lacked the
granular support needed to adequately secure access to data by users and BI
applications. This problem forces users to make a choice: either leave data
unprotected or lock out users entirely. Most of the time, the preferred
choice is the latter, severely inhibiting access to data in Hadoop. Sentry
provides the ability to enforce role-based access control to data and/or
privileges on data for authenticated users in a fine-grained manner. For
example, Sentry allows access control at the server, database, table, view
and even column scope at different privilege levels including select,
insert, and all for Apache Hive and Apache Impala.
What’s new
During incubation, Sentry had six releases and has continued to grow on
providing unified authorization policy management across different Hadoop
components. Some of them including:
-
most recent integration support with Apache Kafka, Apache Solr and
Apache Sqoop;
-
audit log support for data governance purpose;
-
improve the service stability with Sentry High Availability (HA);
-
provides import/export tool for replicating the entire permissions on a
Sentry database.
Future Work
Graduation is a terrific milestone, but only the beginning for Sentry. We
are looking forward to continuing to help grow the Sentry community and
fostering a strong ecosystem around the project.
We are targeting at strength Sentry core with finer granularity
authorization model, as well as enable easier integration process with
other components to make Sentry highly adaptable. Meanwhile we are aiming
at supportability enhancements such as bettering Sentry Web UI.
How to Get Involved
The Sentry community now includes new core committers, an active developer
mailing list where future releases and patches are discussed, and
increasing interest in running additional frameworks on Sentry. We strongly
encourage new people join Sentry and contribute
<https://cwiki.apache.org/confluence/display/SENTRY/How+to+Contribute>
through jumping on the discussions on the mailing list, filing bugs through
Jira, reviewing other's’ code or even providing new patches.
Re: Sentry Graduation Blog
Posted by Hao Hao <ha...@cloudera.com>.
Hi all,
FYI, the graduation post has been published in the Apache blog here
<https://blogs.apache.org/sentry/entry/sentry_graduates_to_a_top>. Cheers!
Best,
Hao
On Wed, Mar 23, 2016 at 2:04 PM, Hao Hao <ha...@cloudera.com> wrote:
> Thanks a lot Sravya for the suggestions! Will add the HDFS sync feature
> and I have created the Jira for creating a apache blog account.
>
> Best,
> Hao
>
> On Wed, Mar 23, 2016 at 11:37 AM, Sravya Tirukkovalur <sravya@cloudera.com
> > wrote:
>
>> Thanks a lot for putting this together Hao! A graduation blog post is a
>> great idea!
>>
>> One comment: Do we want to a line or two about HDFS sync feature and how
>> it
>> allows setting rules for hive databases and tables in one place, rather
>> than manually keeping the Hive permissions and HDFS permissions in sync?
>>
>> Also, do you have a apache blog account? If not, please file an infra
>> ticket. See INFRA-6911 for example.
>>
>>
>> On Tue, Mar 22, 2016 at 11:53 AM, Hao Hao <ha...@cloudera.com> wrote:
>>
>> > Hi All,
>> >
>> > I drafted a gradation blog post for Sentry and attached here. Please
>> feel
>> > free to give recommendations and comments. Thanks a lot!
>> >
>> > Best,
>> > Hao
>> >
>> > Sentry Graduation Blog
>> >
>> > We are very excited to announce that Apache Sentry
>> > <http://sentry.apache.org/> has graduated out of Incubator and is now
>> an
>> > Apache Top Level Project! Sentry, which provides centralized
>> fine-grained
>> > access control on metadata and data stored on Apache Hadoop cluster, is
>> > introduced as an Apache Incubator project back in August 2013. In the
>> past
>> > two and half years, the development community grew significantly to a
>> large
>> > number of contributors from various organizations. Upon graduation,
>> there
>> > were more than 50 contributors, 31 of whom had become committers.
>> >
>> > What’s Sentry
>> >
>> > While Hadoop has strong security at the filesystem level, it lacked the
>> > granular support needed to adequately secure access to data by users
>> and BI
>> > applications. This problem forces users to make a choice: either leave
>> data
>> > unprotected or lock out users entirely. Most of the time, the preferred
>> > choice is the latter, severely inhibiting access to data in Hadoop.
>> Sentry
>> > provides the ability to enforce role-based access control to data and/or
>> > privileges on data for authenticated users in a fine-grained manner. For
>> > example, Sentry allows access control at the server, database, table,
>> view
>> > and even column scope at different privilege levels including select,
>> > insert, and all for Apache Hive and Apache Impala.
>> >
>> >
>> > What’s new
>> >
>> > During incubation, Sentry had six releases and has continued to grow on
>> > providing unified authorization policy management across different
>> Hadoop
>> > components. Some of them including:
>> >
>> > -
>> >
>> > most recent integration support with Apache Kafka, Apache Solr and
>> > Apache Sqoop;
>> > -
>> >
>> > audit log support for data governance purpose;
>> > -
>> >
>> > improve the service stability with Sentry High Availability (HA);
>> > -
>> >
>> > provides import/export tool for replicating the entire permissions
>> on a
>> > Sentry database.
>> >
>> > Future Work
>> >
>> > Graduation is a terrific milestone, but only the beginning for Sentry.
>> We
>> > are looking forward to continuing to help grow the Sentry community and
>> > fostering a strong ecosystem around the project.
>> >
>> > We are targeting at strength Sentry core with finer granularity
>> > authorization model, as well as enable easier integration process with
>> > other components to make Sentry highly adaptable. Meanwhile we are
>> aiming
>> > at supportability enhancements such as bettering Sentry Web UI.
>> >
>> > How to Get Involved
>> >
>> > The Sentry community now includes new core committers, an active
>> developer
>> > mailing list where future releases and patches are discussed, and
>> > increasing interest in running additional frameworks on Sentry. We
>> strongly
>> > encourage new people join Sentry and contribute
>> > <https://cwiki.apache.org/confluence/display/SENTRY/How+to+Contribute>
>> > through jumping on the discussions on the mailing list, filing bugs
>> through
>> > Jira, reviewing other's’ code or even providing new patches.
>> >
>>
>>
>>
>> --
>> Sravya Tirukkovalur
>>
>
>
Re: Sentry Graduation Blog
Posted by Hao Hao <ha...@cloudera.com>.
Thanks a lot Sravya for the suggestions! Will add the HDFS sync feature and
I have created the Jira for creating a apache blog account.
Best,
Hao
On Wed, Mar 23, 2016 at 11:37 AM, Sravya Tirukkovalur <sr...@cloudera.com>
wrote:
> Thanks a lot for putting this together Hao! A graduation blog post is a
> great idea!
>
> One comment: Do we want to a line or two about HDFS sync feature and how it
> allows setting rules for hive databases and tables in one place, rather
> than manually keeping the Hive permissions and HDFS permissions in sync?
>
> Also, do you have a apache blog account? If not, please file an infra
> ticket. See INFRA-6911 for example.
>
>
> On Tue, Mar 22, 2016 at 11:53 AM, Hao Hao <ha...@cloudera.com> wrote:
>
> > Hi All,
> >
> > I drafted a gradation blog post for Sentry and attached here. Please
> feel
> > free to give recommendations and comments. Thanks a lot!
> >
> > Best,
> > Hao
> >
> > Sentry Graduation Blog
> >
> > We are very excited to announce that Apache Sentry
> > <http://sentry.apache.org/> has graduated out of Incubator and is now an
> > Apache Top Level Project! Sentry, which provides centralized fine-grained
> > access control on metadata and data stored on Apache Hadoop cluster, is
> > introduced as an Apache Incubator project back in August 2013. In the
> past
> > two and half years, the development community grew significantly to a
> large
> > number of contributors from various organizations. Upon graduation, there
> > were more than 50 contributors, 31 of whom had become committers.
> >
> > What’s Sentry
> >
> > While Hadoop has strong security at the filesystem level, it lacked the
> > granular support needed to adequately secure access to data by users and
> BI
> > applications. This problem forces users to make a choice: either leave
> data
> > unprotected or lock out users entirely. Most of the time, the preferred
> > choice is the latter, severely inhibiting access to data in Hadoop.
> Sentry
> > provides the ability to enforce role-based access control to data and/or
> > privileges on data for authenticated users in a fine-grained manner. For
> > example, Sentry allows access control at the server, database, table,
> view
> > and even column scope at different privilege levels including select,
> > insert, and all for Apache Hive and Apache Impala.
> >
> >
> > What’s new
> >
> > During incubation, Sentry had six releases and has continued to grow on
> > providing unified authorization policy management across different Hadoop
> > components. Some of them including:
> >
> > -
> >
> > most recent integration support with Apache Kafka, Apache Solr and
> > Apache Sqoop;
> > -
> >
> > audit log support for data governance purpose;
> > -
> >
> > improve the service stability with Sentry High Availability (HA);
> > -
> >
> > provides import/export tool for replicating the entire permissions on
> a
> > Sentry database.
> >
> > Future Work
> >
> > Graduation is a terrific milestone, but only the beginning for Sentry. We
> > are looking forward to continuing to help grow the Sentry community and
> > fostering a strong ecosystem around the project.
> >
> > We are targeting at strength Sentry core with finer granularity
> > authorization model, as well as enable easier integration process with
> > other components to make Sentry highly adaptable. Meanwhile we are aiming
> > at supportability enhancements such as bettering Sentry Web UI.
> >
> > How to Get Involved
> >
> > The Sentry community now includes new core committers, an active
> developer
> > mailing list where future releases and patches are discussed, and
> > increasing interest in running additional frameworks on Sentry. We
> strongly
> > encourage new people join Sentry and contribute
> > <https://cwiki.apache.org/confluence/display/SENTRY/How+to+Contribute>
> > through jumping on the discussions on the mailing list, filing bugs
> through
> > Jira, reviewing other's’ code or even providing new patches.
> >
>
>
>
> --
> Sravya Tirukkovalur
>
Re: Sentry Graduation Blog
Posted by Sravya Tirukkovalur <sr...@cloudera.com>.
Thanks a lot for putting this together Hao! A graduation blog post is a
great idea!
One comment: Do we want to a line or two about HDFS sync feature and how it
allows setting rules for hive databases and tables in one place, rather
than manually keeping the Hive permissions and HDFS permissions in sync?
Also, do you have a apache blog account? If not, please file an infra
ticket. See INFRA-6911 for example.
On Tue, Mar 22, 2016 at 11:53 AM, Hao Hao <ha...@cloudera.com> wrote:
> Hi All,
>
> I drafted a gradation blog post for Sentry and attached here. Please feel
> free to give recommendations and comments. Thanks a lot!
>
> Best,
> Hao
>
> Sentry Graduation Blog
>
> We are very excited to announce that Apache Sentry
> <http://sentry.apache.org/> has graduated out of Incubator and is now an
> Apache Top Level Project! Sentry, which provides centralized fine-grained
> access control on metadata and data stored on Apache Hadoop cluster, is
> introduced as an Apache Incubator project back in August 2013. In the past
> two and half years, the development community grew significantly to a large
> number of contributors from various organizations. Upon graduation, there
> were more than 50 contributors, 31 of whom had become committers.
>
> What’s Sentry
>
> While Hadoop has strong security at the filesystem level, it lacked the
> granular support needed to adequately secure access to data by users and BI
> applications. This problem forces users to make a choice: either leave data
> unprotected or lock out users entirely. Most of the time, the preferred
> choice is the latter, severely inhibiting access to data in Hadoop. Sentry
> provides the ability to enforce role-based access control to data and/or
> privileges on data for authenticated users in a fine-grained manner. For
> example, Sentry allows access control at the server, database, table, view
> and even column scope at different privilege levels including select,
> insert, and all for Apache Hive and Apache Impala.
>
>
> What’s new
>
> During incubation, Sentry had six releases and has continued to grow on
> providing unified authorization policy management across different Hadoop
> components. Some of them including:
>
> -
>
> most recent integration support with Apache Kafka, Apache Solr and
> Apache Sqoop;
> -
>
> audit log support for data governance purpose;
> -
>
> improve the service stability with Sentry High Availability (HA);
> -
>
> provides import/export tool for replicating the entire permissions on a
> Sentry database.
>
> Future Work
>
> Graduation is a terrific milestone, but only the beginning for Sentry. We
> are looking forward to continuing to help grow the Sentry community and
> fostering a strong ecosystem around the project.
>
> We are targeting at strength Sentry core with finer granularity
> authorization model, as well as enable easier integration process with
> other components to make Sentry highly adaptable. Meanwhile we are aiming
> at supportability enhancements such as bettering Sentry Web UI.
>
> How to Get Involved
>
> The Sentry community now includes new core committers, an active developer
> mailing list where future releases and patches are discussed, and
> increasing interest in running additional frameworks on Sentry. We strongly
> encourage new people join Sentry and contribute
> <https://cwiki.apache.org/confluence/display/SENTRY/How+to+Contribute>
> through jumping on the discussions on the mailing list, filing bugs through
> Jira, reviewing other's’ code or even providing new patches.
>
--
Sravya Tirukkovalur