THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
All of these are hooks in various services, where there is a Sentry client plugged in as a hook. Please note that, below hooks are for V1:
HS2:
Executed at beginning of each new session: All beeline commands
Hive.server2.session.hook
=org.apache.sentry.binding.hive.HiveAuthzBindingSessionHook
Metastore hook class for further filtering the metadata read results on client side: Show tables/databases through beeline
hive.metastore.filter.hook
=org.apache.sentry.binding.metastore.SentryMetaStoreFilterHook
For Grant/Revoke commands: Validation and authz (SentryGrantRevokeTask)
hive.security.authorization.task.factory
=org.apache.sentry.binding.hive.SentryHiveAuthorizationTaskFactoryImpl
Other:
SentryHiveMetaStoreClient: Filters (TODO: What is its intended purpose as compared to SentryMetaStoreFilterHook?)
HMS:
hive.metastore.pre.event.listeners
=org.apache.sentry.binding.metastore.MetastoreAuthzBinding
HMS writes, adds ip/op hierarchies and calls authz binding
hive.metastore.event.listeners
=org.apache.sentry.binding.metastore.SentryMetastorePostEventListener
For propagating create/drop/rename events
For path updates for HDFS plugin
sentry.metastore.plugins
=org.apache.sentry.hdfs.MetastorePlugin (called by PostEventListener)
For path updates for hdfs sync
NN (active & standby):
dfs.namenode.authorization.provider.class
=org.apache.sentry.hdfs.SentryAuthorizationProvider