03-17-2017 04:19 PM
We need to restrict access to running sqoop at the command line in hdfs.
My thought on this was that I would probably have to manage this at the Linux OS layer.
1. Create a group (sqoop-users) in linux
2. Add users to that group
3. use ACLs (via setfacl) to add the new group (sqoop-users) to /usr/bin/sqoop with r-x permissions.
4. then change permissions via chmod to remove "other" access completely (so chmod 750).
Just wondering if anyone has thoughts or suggestions...and if that is the way to go.
03-18-2017 04:29 AM
03-20-2017 07:52 AM
Thanks for the response.
What do you mean by revoking DB access credentials? Do you mean removing it for the users that we want to prevent from using Sqoop?
03-22-2017 09:01 PM
03-22-2017 09:05 PM
03-23-2017 08:10 AM
@csguna - thanks for the link. I had read that already and it doesn't provide for a way to restrict Sqoop. It does allow for restricting other things...HBase, Impala, etc. I checked w/Cloudera support and they stated that there isn't a mechanism now. However, I could create a group and put users in that group to restrict (via read only access to Oozie). Unfortunately, this might not work for us either.
03-23-2017 08:12 AM
@Harsh J - thanks again for the responses and suggestions.
In our case, we cannot revoke access at the DB for these users. They access the DB with other tools outside of our cluster (part of their jobs), so we cannot remove it.
03-23-2017 08:14 AM
@Harsh J - I just checked the other post you listed...and that looks close. Seems that you are stating that there is a way to completely remove Sqoop from the avaiable Oozie workflow options. That would be great if i could do it on a per user or per group basis.