Shell for import/export

The following arguments are added to sentry’s config-tool for import/export:

For import:

sentry -command config-tool -I <filepath> -o

-I,--import <filepath>    Path of the policy file to import

-o,--overwrite             Overwrite the existing role data during the import; default is true

For export:

sentry -command config-tool -E <filepath> -b <specific auth object>

-E,--export <filepath>       Path of the policy file to export

-b,--objectPath <specific auth object> Optional; the specific authorization object to export

e.g.: sentry -command config-tool -E /tmp/export.ini -b db=db1->table=table1

File format

The policy file format is handled by the interface SentryPolicyFileFormatter. The implementing class can be configured in sentry-site.xml as follows:

| Config Property | Value | Default | Required |
| --- | --- | --- | --- |
| sentry.hive.policy.file.formatter | The value must be the subclass of org.apache.sentry.binding.hive.SentryPolicyFileFormatter | org.apache.sentry.binding.hive.SentryIniPolicyFileFormatter | No |

The following is an example of the default policy file format for import/export (INI file format):










Only users in the sentry-admin group can run the import/export. The sentry-admin group can be configured in sentry-site.xml as follows:

| Config Property | Value | Default | Required |
| --- | --- | --- | --- |
| sentry.service.admin.group | eg: sentry_admin_group1,sentry_admin_group2 | | No |
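
Because the import overwrites existing role data by default, a policy file is worth reviewing before it is loaded. The following is an added example, not code from this page or from the Sentry project: it parses an INI policy file and lists privileges that are broader than table level. The [groups]/[roles] section layout, the sample content, the rule that a privilege without an action covers all actions, and the function names are assumptions.

```python
import re

# Constructed sample; the [groups]/[roles] layout is an assumption of this example.
SAMPLE_POLICY = """\
[groups]
analysts = read_table1
etl = db1_all, server_admin
[roles]
read_table1 = server=server1->db=db1->table=table1->action=select
db1_all = server=server1->db=db1->action=all
server_admin = server=server1
"""

def parse_policy(text):
    """Return {section: {name: [items]}} for an INI-style policy file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            # Split on the first '=' only: privileges contain '=' themselves.
            name, value = line.split("=", 1)
            items = [v.strip() for v in value.split(",") if v.strip()]
            current.setdefault(name.strip(), []).extend(items)
    return sections

def broad_privileges(sections):
    """List (role, privilege, groups) for server/db-wide or all-action grants."""
    findings = []
    for role, privs in sections.get("roles", {}).items():
        for priv in privs:
            pairs = (p.split("=", 1) for p in priv.split("->") if "=" in p)
            parts = {k.strip().lower(): v.strip().lower() for k, v in pairs}
            action = parts.get("action", "all")  # assumption: no action means all
            narrow = bool(parts.keys() & {"table", "column", "uri"})
            if not narrow or action in ("all", "*"):
                groups = sorted(g for g, rs in sections.get("groups", {}).items() if role in rs)
                findings.append((role, priv, groups))
    return findings

if __name__ == "__main__":
    for role, priv, groups in broad_privileges(parse_policy(SAMPLE_POLICY)):
        print(f"{role}: {priv} (granted to groups: {', '.join(groups) or 'none'})")
```

Running the same check on a file produced with -E before it is loaded with -I gives a reviewable list of the widest grants the import would put in place.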
