blob: e4916600a9a8f182cf50ac57a19099224926f93b [file] [log] [blame]
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- WARNING!!! This file is provided for documentation purposes ONLY! -->
<!-- WARNING!!! You should copy to sentry-site.xml and make modification instead. -->
<configuration>
<property>
<name>sentry.verify.schema.version</name>
<value> </value>
<description>
value: true, false
true Sentry store will verify the schema version in backed DB with expected version in jar.
The service won't start if there's a mismatch
</description>
</property>
<property>
<name>sentry.service.server-max-threads</name>
<value> </value>
<description> Number of threads 500 Max worker threads to serve client requests</description>
</property>
<property>
<name>sentry.service.server-min-threads</name>
<value> </value>
<description>Number of threads 10 Min worker threads to serve client requests</description>
</property>
<property>
<name>sentry.service.allow.connect</name>
<value> </value>
<description>comma separated list of users - List of users that are allowed to connect to the service (eg Hive, Impala) </description>
</property>
<property>
<name>sentry.store.jdbc.url</name>
<value> </value>
<description>JDBC connection URL for the backed DB</description>
</property>
<property>
<name>sentry.store.jdbc.user</name>
<value>Setnry</value>
<description>Userid for connecting to backend db </description>
</property>
<property>
<name>sentry.store.jdbc.password</name>
<value>Sentry</value>
<description>Sentry password for backend JDBC user </description>
</property>
<property>
<name>sentry.service.server.keytab</name>
<value></value>
<description>Keytab for service principal</description>
</property>
<property>
<name>sentry.service.server.rpcport</name>
<value>8038</value>
<description> TCP port number for service</description>
</property>
<property>
<name>sentry.service.server.rpcaddress</name>
<value>0.0.0.0</value>
<description> TCP interface for service to bind to</description>
</property>
<property>
<name>sentry.store.jdbc.driver</name>
<value>org.apache.derby.jdbc.EmbeddedDriver</value>
<description>Backend JDBC driver - org.apache.derby.jdbc.EmbeddedDriver (only when dbtype = derby) JDBC Driver class for the backed DB</description>
</property>
<property>
<name>sentry.service.admin.group</name>
<value> </value>
<description>Comma separates list of groups. List of groups allowed to make policy updates</description>
</property>
<property>
<name>sentry.store.group.mapping</name>
<value>org.apache.sentry.provider.common.HadoopGroupMappingService</value>
<description>
Group mapping class for Sentry service. org.apache.sentry.provider.file.LocalGroupMapping service can be used for local group mapping. </description>
</property>
<property>
<name>sentry.store.group.mapping.resource</name>
<value> </value>
<description> Policy file for group mapping. Policy file path for local group mapping, when sentry.store.group.mapping is set to LocalGroupMapping Service class.</description>
</property>
<property>
<name>sentry.service.security.mode</name>
<value>kerberos</value>
<description>Options: kerberos, none. Authentication mode for Sentry service. Currently supports Kerberos and trusted mode </description>
</property>
<property>
<name>sentry.service.server.principal</name>
<value> </value>
<description>Service Kerberos principal</description>
</property>
<property>
<name>sentry.service.web.enable</name>
<value>false</value>
<description>Enable web service</description>
</property>
<property>
<name>sentry.service.web.authentication.type</name>
<value>NONE</value>
<description>Options: kerberos, NONE. Authentication mode for Sentry web service.</description>
</property>
<property>
<name>sentry.service.web.authentication.kerberos.keytab</name>
<value></value>
<description>Keytab for web service principal</description>
</property>
<property>
<name>sentry.service.web.authentication.kerberos.principal</name>
<value></value>
<description>Web service Kerberos principal</description>
</property>
<property>
<name>sentry.service.web.authentication.allow.connect.users</name>
<value></value>
<description>comma separated list of users - List of users that are allowed to connect to the web service (eg Hive, Impala) </description>
</property>
</configuration>