Sentry to Ranger Replication

As part of a Hive replication schedule, you can choose to migrate relevant Hive or Impala Sentry policies into Ranger.

Sentry to Ranger replication involves the following:

  • Every Sentry policy is exported as a single JSON file, which is created using a tool called authzmigrator. It contains a list of resources (either URI, database, table or column) and the policies that apply to it.

  • The exported Sentry policies are copied to the target cluster using the DistCp tool.

  • The Sentry policies are ingested into Ranger using authzmigrator via the Ranger rest endpoint, filtering only for the policies related to the replication job (using a filter expression passed to authzmigrator by Cloudera Manager).