kudu-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a...@apache.org
Subject [kudu] 01/02: docs: add the required config for Sentry
Date Wed, 24 Jul 2019 18:16:49 GMT
This is an automated email from the ASF dual-hosted git repository.

adar pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/kudu.git

commit 8fa502352395016ab97a2f32926a586441fa8ab2
Author: Hao Hao <hao.hao@cloudera.com>
AuthorDate: Tue Jul 23 15:10:55 2019 -0700

    docs: add the required config for Sentry
    
    This commit adds the required config for fine-grained authz in Sentry.
    Thirdparty cluster management software like Cloudera Manager may
    configure these automatically. If not using such software, it's
    necessary to set these configurations manually.
    
    Staged version here:
    https://github.com/haohaoc/kudu/blob/master/docs/security.adoc
    
    Change-Id: If208579405c11fc25aefbedd3f63ac21afecbddf
    Reviewed-on: http://gerrit.cloudera.org:8080/13902
    Reviewed-by: Alexey Serbin <aserbin@cloudera.com>
    Tested-by: Hao Hao <hao.hao@cloudera.com>
---
 docs/security.adoc | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/docs/security.adoc b/docs/security.adoc
index 01055f5..91017af 100644
--- a/docs/security.adoc
+++ b/docs/security.adoc
@@ -299,6 +299,20 @@ The following configurations must be set on the tablet servers:
 --tserver_enforce_access_control=true
 ```
 
+The following configurations must be set in `sentry-site.xml` on the Sentry servers:
+```xml
+# This example setup configures the Kudu service user as a privileged user to be
+# able to retrieve authorization policies stored in Sentry.
+<property>
+  <name>sentry.service.allow.connect</name>
+  <value>kudu</value>
+</property>
+
+<property>
+  <name>sentry.service.admin.group</name>
+  <value>kudu</value>
+</property>
+```
 [[privilege-caching]]
 === Caching
 


Mime
View raw message