Reply
Explorer
Posts: 11
Registered: ‎05-15-2015

Roles creation in HUE UI for sentry

I am not getting an option to add roles directly in HUE UI for sentry for give privilges to roles.

Right now i am using beeline to create roles and grant permission to databases . Is there any way , can i sync the roles that are created in beeline to hue UI .

OR Do i need to add roles manually in HUE UI .  Can anyone help on this issue.

 

 

Cloudera Employee
Posts: 90
Registered: ‎07-31-2013

Re: Roles creation in HUE UI for sentry

The roles in Hue should sync up with the ones created by beeline. However, you have to login to Hue as a member of one of the groups that have been defined for this property in your Sentry config:

sentry.service.admin.group

So what you have to do is:

1. Add a group that should be able to admin sentry roles to that list.
2. Restart Sentry and Hue(hue checks the sentry group info in the sentry-site.xml on startup)
3. Add the same group to Hue through the useradmin.
4. Make a user that should see sentry roles a member of the new group.
5. Logout of Hue and log back in.
Cloudera Employee
Posts: 717
Registered: ‎07-30-2013

Re: Roles creation in HUE UI for sentry

Explorer
Posts: 11
Registered: ‎05-15-2015

Re: Roles creation in HUE UI for sentry

Based on video, I can able to add roles and give permissions to roles directly instead of using beeline .
But I am not getting an option to add role directly in HUE browser.

New Contributor
Posts: 1
Registered: ‎06-17-2015

Re: Roles creation in HUE UI for sentry

Able to create roles, but even after assigning role to user that user is un able to access tables in impala.   I have followed all instuctions on setting permissions on the /user/hive/warehouse then enabling sentry for hue,hive,impala.  Created group called "impala" and added role with permissions "ALL" on table X.  User is still not able to run any commnad on table X.

 

 

 

Expert Contributor
Posts: 109
Registered: ‎05-19-2016

Re: Roles creation in HUE UI for sentry

New Contributor
Posts: 2
Registered: ‎11-26-2018

Re: Roles creation in HUE UI for sentry

I create maroof user on operating system with group maroof. then from hue browser i login from impala user which is sentry admin user. i create role named "readonly" and grant privileges of select on hive database default. now from hive CLI when i login from maroof OS user it allow me to select tables in hive default database. i also created user in hue browser with same name maroof when i select hive default tables then it throw error.

 

"AuthorizationException: User 'maroof' does not have privileges to execute 'SELECT' on: default.test101 "

 

but same select working fine from hive CLI and from hue browser it not allow me to select. what will be the issue?

Can anyone help me? please.

Highlighted
New Contributor
Posts: 2
Registered: ‎01-18-2017

Re: Roles creation in HUE UI for sentry

Can anyone help me in this.. I am able to create roles and assign to groups through hue UI but when i am trying to do samething with beeline by login to specific user i am not able to create the table. From Hue UI i can create the table from same username

 

sh-4.2$ beeline -u "jdbc:hive2://kabo1.unraveldatalab.com:10000/movieprod"

scan complete in 3ms

Connecting to jdbc:hive2://kabo1.unraveldatalab.com:10000/movieprod

Connected to: Apache Hive (version 1.1.0-cdh5.14.4)

Driver: Hive JDBC (version 1.1.0-cdh5.14.4)

Transaction isolation: TRANSACTION_REPEATABLE_READ

Beeline version 1.1.0-cdh5.14.4 by Apache Hive

Beeline version 1.1.0-cdh5.14.4 by Apache Hive

0: jdbc:hive2://kabo1.unraveldatalab.com:1000> CREATE TABLE ratings (

. . . . . . . . . . . . . . . . . . . . . . .>   userid INT,

. . . . . . . . . . . . . . . . . . . . . . .>   movieid INT,

. . . . . . . . . . . . . . . . . . . . . . .>   rating INT,

. . . . . . . . . . . . . . . . . . . . . . .>   tstamp STRING

. . . . . . . . . . . . . . . . . . . . . . .> ) ROW FORMAT DELIMITED

. . . . . . . . . . . . . . . . . . . . . . .> FIELDS TERMINATED BY '#'

. . . . . . . . . . . . . . . . . . . . . . .> STORED AS TEXTFILE;

Error: Error while compiling statement: FAILED: SemanticException No valid privileges

User anonymous does not have privileges for CREATETABLE

The required privileges: Server=server1->Db=movieprod->action=*; (state=42000,code=40000)

0: jdbc:hive2://kabo1.unraveldatalab.com:1000>

Announcements