You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

Sentry currently integrates with Apache Hive, Apache Sqoop, Apache Solr, HDFS and Cloudera Impala. Sentry is pluggable and it is fairly simple to delegate Sentry to your authorization and policy management needs. In this document we talk about the main steps required for integration, code organization and examples to get you started.

Integration step by step:

       Apache Solr will be the example for the following guide.

  1. Define authorization model (related code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
    1. Create the sentry-core-model-search for Solr
    2. Create SearchModelAuthorizable which should extend the interface Authorizable
    3. Create all authorization types with enum AuthorizableType, eg, Collection, Field
    4. Create sub class of SearchModelAuthorizable for every authorization type, eg, Collection, Field
  2. Define action factory  (related code: https://github.com/apache/sentry/tree/master/sentry-core/sentry-core-model-search)
    1. SearchAction defines all actions for Solr with name and code, eg, UPDATE(0x0001), QUERY(0x0002), ALL(0x0001|0x0002). 
    2. The action code will be used for action imply with operation &. The imply rule is defined in org.apache.sentry.core.common.BitFieldAction. According to the rule, UPDATE imply QUERY = FALSE, ALL imply UPDATE = TRUE
  3. Define privilegeModel with authorization model and action factory

 


Main modules:

  • Binding: Authorization checks happen here

  • Model: Define what are the objects in your system that you want to control access and define the granularity

  • Policy engine: Define how you want to evaluate policies. For example: Wildcards?

  • E2E tests

Example:

Sqoop integration: https://issues.apache.org/jira/browse/SENTRY-612

Code organization:

Repo: https://github.com/apache/sentry


 

  • No labels