You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sentry.apache.org by Chen Song <ch...@gmail.com> on 2017/10/18 19:05:41 UTC
questions on sentry
I have a few questions on Sentry. I have some thoughts in my mind but just
want to confirm with the community.
1. Does Sentry have a way to block HDFS superuser from access HDFS
directories?
2. Does Sentry support blacklisting a list of IPs from Hive or HDFS access?
After a bit search, I don't find a way for both but I want to double check
again.
Chen
Re: questions on sentry
Posted by Alexander Kolbasov <ak...@cloudera.com>.
Hi Chen,
Apache Sentry goal is to provide security features for other Apache
products - mainly Apache {Hive, Impala, Solr, Kafka}. It doesn't provide
HDFS access protections.
- Alex.
On Wed, Oct 18, 2017 at 12:05 PM, Chen Song <ch...@gmail.com> wrote:
> I have a few questions on Sentry. I have some thoughts in my mind but just
> want to confirm with the community.
>
> 1. Does Sentry have a way to block HDFS superuser from access HDFS
> directories?
> 2. Does Sentry support blacklisting a list of IPs from Hive or HDFS access?
>
> After a bit search, I don't find a way for both but I want to double check
> again.
>
> Chen
>
Re: questions on sentry
Posted by Alexander Kolbasov <ak...@cloudera.com>.
To answer your second question - IP address based authorization isn't
supported.
- Alex
On Thu, Oct 19, 2017 at 8:20 AM Chen Song <ch...@gmail.com> wrote:
> Thanks Alexander.
>
> I asked because I see the HDFS ACLs sync feature for Sentry. I am clear
> now.
> Do you have any idea on my second question?
>
> Chen
>
> On Wed, Oct 18, 2017 at 10:59 PM Alexander Kolbasov <ak...@cloudera.com>
> wrote:
>
>> Hi Chen,
>>
>> Apache Sentry goal is to provide security features for other Apache
>> products - mainly Apache {Hive, Impala, Solr, Kafka}. It doesn't provide
>> HDFS access protections.
>>
>> - Alex.
>>
>> On Wed, Oct 18, 2017 at 12:05 PM, Chen Song <ch...@gmail.com>
>> wrote:
>>
>>> I have a few questions on Sentry. I have some thoughts in my mind but
>>> just
>>> want to confirm with the community.
>>>
>>> 1. Does Sentry have a way to block HDFS superuser from access HDFS
>>> directories?
>>> 2. Does Sentry support blacklisting a list of IPs from Hive or HDFS
>>> access?
>>>
>>> After a bit search, I don't find a way for both but I want to double
>>> check
>>> again.
>>>
>>> Chen
>>>
>>
>>
Re: questions on sentry
Posted by Chen Song <ch...@gmail.com>.
Thanks Alexander.
I asked because I see the HDFS ACLs sync feature for Sentry. I am clear now.
Do you have any idea on my second question?
Chen
On Wed, Oct 18, 2017 at 10:59 PM Alexander Kolbasov <ak...@cloudera.com>
wrote:
> Hi Chen,
>
> Apache Sentry goal is to provide security features for other Apache
> products - mainly Apache {Hive, Impala, Solr, Kafka}. It doesn't provide
> HDFS access protections.
>
> - Alex.
>
> On Wed, Oct 18, 2017 at 12:05 PM, Chen Song <ch...@gmail.com>
> wrote:
>
>> I have a few questions on Sentry. I have some thoughts in my mind but just
>> want to confirm with the community.
>>
>> 1. Does Sentry have a way to block HDFS superuser from access HDFS
>> directories?
>> 2. Does Sentry support blacklisting a list of IPs from Hive or HDFS
>> access?
>>
>> After a bit search, I don't find a way for both but I want to double check
>> again.
>>
>> Chen
>>
>
>
Re: questions on sentry
Posted by Alexander Kolbasov <ak...@cloudera.com>.
Hi Chen,
Apache Sentry goal is to provide security features for other Apache
products - mainly Apache {Hive, Impala, Solr, Kafka}. It doesn't provide
HDFS access protections.
- Alex.
On Wed, Oct 18, 2017 at 12:05 PM, Chen Song <ch...@gmail.com> wrote:
> I have a few questions on Sentry. I have some thoughts in my mind but just
> want to confirm with the community.
>
> 1. Does Sentry have a way to block HDFS superuser from access HDFS
> directories?
> 2. Does Sentry support blacklisting a list of IPs from Hive or HDFS access?
>
> After a bit search, I don't find a way for both but I want to double check
> again.
>
> Chen
>