Geek Answers Handbook

How to choose between apas ranger and sentinel

From the wiki provided by these two projects, I found that it looks like they did a similar job. But there must be some difference or not the need for 2.

So what are the differences, and what is the practical advice to choose from each other.

thanks a lot!

+14
source share
5 answers

You can use Sentry or Ranger, depending on which chaos distribution tool you use, for example, Cloudera or Hortonworks.

  • Apache Sentry - owned by Cloudera. Supports HDFS, Hive, Solr and Impala. (Ranger does not support Impala).
  • Apache Ranger - owned by Hortonworks. Apache Ranger offers a centralized security system for fine-grained access control: HDFS, Hive, HBase, Storm, Knox, Solr, Kafka and YARN.

https://cwiki.apache.org/confluence/display/SENTRY/Sentry+Tutorial http://hortonworks.com/apache/ranger/

thanks Kumar

+10
source

Good answers above.

Just a quick update with the Cloudera + Hortonworks merger last year. These companies decided to standardize Ranger. CDH5 and CDH6 will continue to use Sentry until the CDH product line stops working after ~ 2-3 years. Ranger will be used for the Cloudera + Hortonworks "Unity" / CDP combined platform.

Cloudera told us that Ranger is a more mature product. Since Unity has not yet come out (as of May 2019), something may appear in the future, but this is the current direction. (October 2019 update: Unity is now known as CDP and is available for beta testing; will be available soon for cloud deployments, and in 2020 for on-premises clients)

If you are a former Cloudera client or CDH user, you still have to use Apache Sentry. There is significant overlap between Sentry and Ranger, but if you start from scratch, be sure to look at Ranger.

+7
source

Apache Ranger overlaps with Apache Sentry as it also deals with permissions and permissions. It adds an authorization level to Hive, HBase, and Knox. Both Sentry and Ranger support column-level permissions in Hive (launch from version 1.5).

Link: https://www.xplenty.com/blog/2014/11/5-hadoop-security-projects/

You can also check the RecordService. RecordService provides an abstraction layer between computing systems and the data warehouse. It provides row and column security and other benefits.

Link: http://blog.cloudera.com/blog/2015/09/recordservice-for-fine-grained-security-enforcement-across-the-hadoop-ecosystem/

http://recordservice.io/

+4
source

Both manage grants based on grants from the role table. Ranger provides dynamic masking of data (during transmission). Both are integrated with the Informatica Secure at Source to provide a data management solution.

+1
source

@tagar, what about Cloudera Navigator, did it still exist after the merger? if so, will it do authentication with ranger?

0
source

More articles:


All Articles