Thank you Greg for reviewing!

Responses inline.


On Mon, Dec 2, 2013 at 12:35 PM, Gregory Chanan <[email protected]> wrote:

> Some comments below on the blog below -- I haven't watched the video yet.
>  I think this is very good.
>
> >>> "Sentry currently uses a file-based policy provider. And, you can link
> a global policy file to multiple dependent per database policy files"
> I think some more exposition here would be useful -- users may not know
> what a policy provider is.  Maybe something like:
> "Access control to Hive is currently defined by what Sentry calls policy
> providers.  Sentry currently supports a file-based policy provider; see
> below for an example.  A single global policy provider can be used to
> control access to an entire HiveServer2 instance, or multiple dependent per
> database policy providers can be linked to the global one."
>
Sounds good, added more details on policy provider.


> >>> "Sentry provides authorization through a hook in HiveServer2"
> I'm not a hive expert -- will all hive users know what a "hook" is?  Maybe
> you should define this as well.
>
I do not think Hive hooks are any different from the usual CS technique of
hooking. Can add a short description though if that helps.


> >>> "HadoopGroup mapping, which uses the underlying hadoop groups"
> Going from the picture, it's actually more complicated -- right?  It will
> either use Shell groups or LDAP groups.  Maybe a link here with some
> explanation:
>
> http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#Group_Mapping
>
Reorganized the bullet points to make the point clear. Thanks for the
link, will add it to the blog. But the link says "the mapping of users to
groups is performed on the NameNode", this is not true in case of Sentry
with HiveServer2, as the lookup happens on HiveServer2 rather than
NameNode. So will have to point this out to avoid confusion.

> >>> "Next, lets look at how Sentry fits into the security landscape of
> Hive."
> I think this should be its own paragraph since it's only transition;
> doesn't really have anything to do with the previous paragraph.
>
Done

>
>
> On Sun, Dec 1, 2013 at 10:42 PM, Sravya Tirukkovalur <[email protected]> wrote:
>
> > Hi all,
> >
> > Hope you all had a great Thanksgiving weekend!
> >
> > I created a short demo on getting started with Sentry in Hive and would
> > like to post it to the Apache Sentry blog.
> > Here is the draft, and any suggestions greatly appreciated:
> > https://blogs.apache.org/preview/sentry/?previewEntry=getting_started
> >
> > FYI, I set the publish time as 12/05/13 9AM GMT.
> >
> > Thanks!
> > --
> > Sravya Tirukkovalur
> >
>



-- 
Sravya Tirukkovalur
