Configuring Sentry
Support for Sentry has been added in Cloudera Manager as of version 4.7. This means that the configuration of Sentry can be done entirely through the Cloudera Manager Admin Console. It is possible to install Sentry in a cluster managed by Cloudera Manager 4.5 or 4.6 by undertaking some manual configuration steps, but installation with Cloudera Manager 4.7 or later is strongly recommended.
Sentry enables role-based, fine-grained authorization for HiveServer2 and
Cloudera Search. It provides classic database-style authorization for Hive and Cloudera
Impala.
Important: When using Sentry with Hive, you must
use Impala or HiveServer2 to access Hive tables. You cannot use the Hive CLI, Hue Beeswax,
or WebHCat with Sentry.

For detailed information about Sentry, see the Sentry Guide.
In order to use Sentry with CDH 4.3, you will need to install Sentry manually; it is not included in the CDH 4.3 parcel or package. Sentry is included with CDH 4.4.0 or later.
Installing the Sentry parcel for CDH 4.3
If you are using CDH 4.3, or have upgraded from CDH 4.3 to CDH 4.4 and
have not already installed the Sentry parcel, you can add it separately.
- You do not need to do this if you have done a new installation of CDH 4.4 — the Sentry parcel is included.
- If you have upgraded to CDH 4.4 from CDH 4.3 and did have the separate Sentry parcel installed with CDH 4.3, you must remove the stand-alone parcel.
To add the Sentry parcel for CDH 4.3:
- Under the Administration tab, go to Settings, then Parcels.
- In the Remote Parcel Repository URLs property, click the Plus sign to add a remote repository location. The Sentry parcel for CDH4.3 can be found at http://archive.cloudera.com/sentry/parcels/latest/. Once this is done the Sentry parcel should appear on the Hosts > Parcels page.
- Now Download, Distribute, and Activate the parcel from the Hosts > Parcels page. See Using Parcels for details about adding a parcel.
<< Previous: Adding Cloudera Search | Next: Setting Up Hive Authorization with Sentry >> |