Reply
Explorer
Posts: 25
Registered: ‎04-26-2016

What AD groups are required planning to enable sentry authorization

We are now planning to enable sentry user authorization via Hue.

 

I am a bit confused an not sure, of this question.

 

What Ad groups are required with enabling sentry authorization.

 

I am trying to find of any document that gves those details on cloudera hadoop or google not finding.

 

I see a document on navigator where they mentioned of these below groups: are they really Ad groups? that needed to be created.

 

Here are the various groups, that are required: picked up from Cloudera Navigator document:
Auditor, Read-Only, Limited Operator, Operator, Configurator, Cluster Administrator ,BDR Administrator, Navigator Administrator, User Administrator, Key Administrator, Full Administrator

 

 

Thank you very much for the helpful info.

Posts: 634
Topics: 3
Kudos: 102
Solutions: 66
Registered: ‎08-16-2016

Re: What AD groups are required planning to enable sentry authorization

Those are roles for Navigator. You would assign users and/or groups to those roles.

In Sentry, you create the roles,, grant privileges to a role, and attached a group to a role. Then the users in said group would have the access specified for that role.

Effectively you need at least one group but it can be any AD group by any name. You will likely need more than just one to delegate access and control.
Explorer
Posts: 25
Registered: ‎04-26-2016

Re: What AD groups are required planning to enable sentry authorization

The groups which are to be created on cloudera navigator are not really
Network Active Directory groups of domain right?



Highlighted
Posts: 634
Topics: 3
Kudos: 102
Solutions: 66
Registered: ‎08-16-2016

Re: What AD groups are required planning to enable sentry authorization

The roles you mentioned for Navigator; those do not need to be created as AD groups.
Announcements