Hive sentry group and role mapping report generation

 All,

Lets try to make our hadoop admin work easy by setting up automated sentry group role mapping which will help to list groups and roles in a easy way.

It's very simple.

create one script to generate html report and use httpd/tomcat to view it.

Sample code would be like shown below.:

beeline --silent=true --showHeader=false --outputformat=csv2 -u "jdbc:hive2://edge_node:10000/default;principal=hive/_HOST@Domain.COM" -e "show roles;"|awk '{ print "show grant role " $0 ";" }' >$RLE

beeline --silent=true --showHeader=false  --outputformat=csv2 -u "jdbc:hive2://edge_node:10000/default;principal=hive/_HOST@ADomain" -f $RLE |sort |grep -v '^$' | awk -F',' '{ print $5","$1","$2","$7","$9}' >$GRT

mysql sentry -u sentry -p"sentry_password" -e "SELECT SENTRY_ROLE.ROLE_NAME,SENTRY_GROUP.GROUP_NAME FROM SENTRY_ROLE_GROUP_MAP JOIN SENTRY_ROLE ON SENTRY_ROLE.ROLE_ID=SENTRY_ROLE_GROUP_MAP.ROLE_ID JOIN SENTRY_GROUP ON SENTRY_GROUP.GROUP_ID=SENTRY_ROLE_GROUP_MAP.GROUP_ID;" |grep -v 'ROLE_NAME'|sed 's/\t/,/g' > $GRP

  

Once the html file is generated, copy the file (eg:hive_roles.html)   below location and give read  permission

cp hive_roles.html  edgenode::/home/tomcat/apache-tomcat-8.5.24/webapps/RPT/  or /var/www/html/RPT/ 

Enjoy.

for More details, please mail me at dhanooj.world@gmail.com or visit my linkedin Profile