Configuring Impala to Use Sentry Authorization
To configure Impala to use Sentry authorization, edit the Impala env.sh
configuration file, and add these options to the IMPALA_SERVER_ARGS
declaration.
The following table lists the options with their descriptions:
Option | Description |
---|---|
-server_name | This option turns on Sentry authorization for Impala. Specify the symbolic server name to use as the argument for this option. You must also specify this server name as the value for the |
-authorization_policy_file | You can store privileges in an authorization policy file. When you specify this option, in addition to the server_name option, Impala reads privilege information from the policy file instead of a database. Specify the MapR-FS path to the policy file that contains the privilege information. |
Complete the following steps to configure Impala to use Sentry authorization:
- Edit env.sh, located in /opt/mapr/impala/impala-<version>/conf/.
- In the IMPALA_SERVER_ARGS declaration, add the following options:
  - -server_name=<hive_server_2> \
  - -authorization_policy_file=file:///opt/mapr/sentry/sentry-<version>/conf/<file-name>.ini \
    WARNING: If the policy file is stored in MapR-FS, indicate the MapR-FS location using the following format: -authorization_policy_file=maprfs:///<path_to_policy_file>
- Restart the Impala server, statestore service, and catalog service. Refer to Managing Impala for instructions on how to start Impala.
  WARNING: Impala does not start if it detects any issues in the authorization settings or the policy file.
- When Impala is running, you can issue the following command to start the impala-shell as a particular user:
  impala-shell -u <user_name>
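Because Impala refuses to start when the authorization settings or policy file are wrong, it helps to check env.sh before the restart step. The script below is an added example, not part of the MapR or Impala tooling; the function names, the return codes and the file-permission check are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for the Sentry options in Impala's env.sh (added example).
# Return codes are this script's own convention:
#   0 ok, 1 -server_name missing/placeholder, 2 bad policy URI scheme,
#   3 local policy file not found, 4 policy file group/world-writable, 5 env.sh unreadable
# Usage: check_sentry_args /opt/mapr/impala/impala-<version>/conf/env.sh

# Print the value of "-<flag>=<value>" from file $1 (comment lines skipped); empty if absent.
get_opt() {
    grep -v '^[[:space:]]*#' "$1" | grep -o -- "-$2=[^[:space:]\"']*" |
        head -n 1 | cut -d= -f2-
}

check_sentry_args() {
    env_file=$1
    [ -r "$env_file" ] || { echo "cannot read $env_file" >&2; return 5; }
    name=$(get_opt "$env_file" server_name)
    policy=$(get_opt "$env_file" authorization_policy_file)

    # -server_name turns Sentry authorization on; reject an unfilled <placeholder>.
    case $name in
        ''|*'<'*) echo "-server_name is missing or still a placeholder" >&2; return 1 ;;
    esac

    # Without a policy file, privileges are read from the database: nothing more to check.
    if [ -z "$policy" ]; then return 0; fi

    case $policy in
        maprfs:///?*) return 0 ;;                  # stored in MapR-FS, not inspected here
        file:///?*)   path=${policy#file://} ;;    # local file: strip the scheme
        *) echo "policy URI must start with file:/// or maprfs:///: $policy" >&2; return 2 ;;
    esac
    [ -f "$path" ] || { echo "policy file not found: $path" >&2; return 3; }

    # Assumption: a hardening choice of this example, not a documented Impala rule.
    # Anyone who can write the policy file can grant themselves privileges.
    if [ -n "$(find "$path" \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "policy file is group- or world-writable: $path" >&2; return 4
    fi
    return 0
}
```

A non-zero return identifies which setting to fix before restarting the Impala server, statestore and catalog services.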