Reply
Highlighted
New Contributor
Posts: 3
Registered: ‎02-17-2017

Question on Navigator

Hi all,

 

I have a few questions on Navigator.

 

1. Can you do Role-based access control (RBAC) in navigator? Use-case user A can only see finance tables/linage and no audit logs. Use B can see only cusomer tables.

 

2. Is there a way to link in nagios into the audit logs for reporting, without writing custom code that uses the API? If you need to write code, does Cloudera have examples of this (why reinvite the wheel).

 

Thanks

Stephen

 

Cloudera Employee
Posts: 4
Registered: ‎11-21-2016

Re: Question on Navigator

[ Edited ]

1) You can do role based access control in navigator at table level and also for given table you can have RBAC at column level.

 

2) Navigator Audit APIs could be leveraged to do reporting. For ex , follwoing account "https://github.com/mjaykumar/Navigator_audit_API" has sample script for reporting some metrics like "no of grants/revoke" command being fired in last 24 hours. Similarly Audit logs events could be published to kafka and syslog for consumption. refer "https://www.cloudera.com/documentation/enterprise/5-5-x/topics/datamgmt_audit_publish.html" for details.

 

Thanks,

Jay

New Contributor
Posts: 3
Registered: ‎02-17-2017

Re: Question on Navigator

Thanks.

 

Can you point me to the docs on this: "1) You can do role based access control in navigator at table level and also for given table you can have RBAC at column level."

 

Stephen

Cloudera Employee
Posts: 4
Registered: ‎11-21-2016

Re: Question on Navigator

New Contributor
Posts: 3
Registered: ‎02-17-2017

Re: Question on Navigator

Thanks. This looks like its when using hive, etc.  What would I see in navigator? As the user?

 

Stephen

Cloudera Employee
Posts: 4
Registered: ‎11-21-2016

Re: Question on Navigator

Hi,

 

Sentry currently works out of the box with Apache Hive, Hive Metastore/HCatalog, Apache Solr, Impala, and HDFS (limited to Hive table data). Refer this for details "https://www.cloudera.com/documentation/enterprise/5-8-x/topics/sg_sentry_overview.html#sentry_overvi..."

Cloudera Employee
Posts: 4
Registered: ‎11-21-2016

Re: Question on Navigator

As Sentry administrator, you would set authorization policies in terms of mapping between various roles/groups and roles/privileges for various objects(tables,db,server,collection, files etc). Once set, the authorization policies rules will be enforced when any user would try to access the objects and all the actions will be logged and consolidated into centralized databases. We could analyze all such events via reports thorugh navigator UI. The reports couls also be extraced via calling REST APIs endpoints or JAVA navigator SDK.  Majority of times calling REST APIs would meet the requirement. We also navigator SDK as well. refer "https://github.com/cloudera/navigator-sdk".

 

Thanks,

Jay

Announcements