Today there is no comprehensive way of enforcing a Sentry authorization policy against tables stored in Kudu. The underlying reason is that Kudu itself does not yet support authorization, so it is always possible to access data directly via the Kudu API or other services that do not adhere to Sentry policy.
However, we still want to allow Kudu to be used in a meaningful way in Sentry-enabled clusters. We came up with the following desired behavior:
- Access to Kudu tables must be granted to roles as usual.
- Access to a Kudu table is all or nothing. We will not support finer-grained permissions (e.g., column-level) or permissions limited to certain operations (e.g., only INSERT).
- Only users with ALL privileges on SERVER may create external Kudu tables.