Some comments below on the blog below -- I haven't watched the video yet. I think this is very good.
>>> "Sentry currently uses a file-based policy provider. And, you can link a global policy file to multiple dependent per database policy files" I think some more exposition here would be useful -- users may not know what a policy provider is. Maybe something like: "Access control to Hive is currently defined by what Sentry calls policy providers. Sentry currently supports a file-based policy provider; see below for an example. A single global policy provider can be used to control access to an entire HiveServer2 instance, or multiple dependent per database policy providers can be linked to the global one." >>> "Sentry provides authorization through a hook in HiveServer2" I'm not a hive expert -- will all hive users know what a "hook" is? Maybe you should define this as well. >>> "HadoopGroup mapping, which uses the underlying hadoop groups" Going from the picture, it's actually more complicated -- right? It will either use Shell groups or LDAP groups. Maybe a link here with some explanation: http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping >>> "Next, lets look at how Sentry fits into the security landscape of Hive." I think this should be its own paragraph since it's only transition; doesn't really have anything to do with the previous paragraph. On Sun, Dec 1, 2013 at 10:42 PM, Sravya Tirukkovalur <[email protected]>wrote: > Hi all, > > Hope you all had a great thanks giving weekend! > > I created a short demo on getting started with Sentry in Hive and would > like to post it to the Apache Sentry blog. > Here is the draft, and any suggestions greatly appreciated: > https://blogs.apache.org/preview/sentry/?previewEntry=getting_started > > FYI, I set the publish time as 12/05/13 9AM GMT. > > Thanks! > -- > Sravya Tirukkovalur >
