How to determine Sentry Group to Role Mapping with CDH
Apache Sentry is system within the Hadoop ecosystem for enforcing fine grained role based access control to data and metadata stored within a Hadoop cluster.
With Sentry users are assigned to groups (for example in LDAP / Active Directory), the groups are then associated with roles, and the roles are granted permissions. Authorisation information can either be stored in a file on disk or in a relational database such as MySQL or PostgreSQL. In the latter case HiveQL statements are used to list and grant permissions to roles (the commands below are taken from the Cloudera documentation).