You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kudu.apache.org by ad...@apache.org on 2019/07/24 18:16:49 UTC
[kudu] 01/02: docs: add the required config for Sentry
This is an automated email from the ASF dual-hosted git repository.
adar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git
commit 8fa502352395016ab97a2f32926a586441fa8ab2
Author: Hao Hao <ha...@cloudera.com>
AuthorDate: Tue Jul 23 15:10:55 2019 -0700
docs: add the required config for Sentry
This commit adds the required config for fine-grained authz in Sentry.
Thirdparty cluster management software like Cloudera Manager may
configure these automatically. If not using such software, it's
necessary to set these configurations manually.
Staged version here:
https://github.com/haohaoc/kudu/blob/master/docs/security.adoc
Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
Reviewed-on: http://gerrit.cloudera.org:8080/13902
Reviewed-by: Alexey Serbin <as...@cloudera.com>
Tested-by: Hao Hao <ha...@cloudera.com>
---
docs/security.adoc | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/docs/security.adoc b/docs/security.adoc
index 01055f5..91017af 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -299,6 +299,20 @@ The following configurations must be set on the tablet servers:
--tserver_enforce_access_control=true
```
+The following configurations must be set in `sentry-site.xml` on the Sentry servers:
+```xml
+# This example setup configures the Kudu service user as a privileged user to be
+# able to retrieve authorization policies stored in Sentry.
+<property>
+ <name>sentry.service.allow.connect</name>
+ <value>kudu</value>
+</property>
+
+<property>
+ <name>sentry.service.admin.group</name>
+ <value>kudu</value>
+</property>
+```
[[privilege-caching]]
=== Caching