https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150639#M36026 <P>If you don't use LDAP then linux accounts you use must be present on each node in the cluster and must have similar permissions (you can get away with this requirement if you are using Ranger and disable posix permissions using dfs.permissions.enabled = false).</P><P>But without LDAP you need to have linux accounts on all machines.</P> Wed, 27 Jul 2016 09:22:38 GMT mqureshi 2016-07-27T09:22:38Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150638#M36025 <P>Trying to explore the best way to manage users in hadoop ecosystem. Basically I am going to provide 3 user interface to user community:</P><P>a.) EdgeNode - Linux machine. This is where users can use their Linux credentials and use command line to use hadoop clients (spark, sqoop, hdfs etc)</P><P>b.) Ambari web interface</P><P>c.) HUE interface</P><P>d.) Ranger - For Admins to control file and folder permissions</P><P>Question I have is is it possible to create account in Linux environment and let all other pull it from there and use the same credentials. I read about LDAP but it appears to be difficult and we don't currently have a working LDAP. </P><P>How can I centrally manage users without using LDAP ?</P><P>Thanks</P><P>Prakash</P> Tue, 21 Apr 2026 13:50:29 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150638#M36025 prakashpunj 2026-04-21T13:50:29Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150639#M36026 <P>If you don't use LDAP then linux accounts you use must be present on each node in the cluster and must have similar permissions (you can get away with this requirement if you are using Ranger and disable posix permissions using dfs.permissions.enabled = false).</P><P>But without LDAP you need to have linux accounts on all machines.</P> Wed, 27 Jul 2016 09:22:38 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150639#M36026 mqureshi 2016-07-27T09:22:38Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150640#M36027 <P>How about web interface, AMbari and HUE. Can user accounts on Ambari and Hue gets sync with Linux account. </P><P>Also why do I need Linux account on all members of the cluster. I can just give access to one machine which can be used as EdgeNode. </P><P>Thanks</P> Wed, 27 Jul 2016 09:39:58 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150640#M36027 prakashpunj 2016-07-27T09:39:58Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150641#M36028 <P>The user needs to exist on machines where ever you are reading file blocks from based on Posix permissions. Like I said, you might not need them if you are using Ranger and/or dfs.permissions.enabled = false in core-site.xml. When you are in HUE and run a hive query, it runs as Hive user, not as HUE. You want to make sure, you have a user named "hive" where you have HiveServer2. Then you enable hive impersonation to decide who you want to give what access.</P><P><A href="https://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/_configuring_your_cluster_for_hive_view.html" target="_blank">https://docs.hortonworks.com/HDPDocuments/Ambari-2.1.0.0/bk_ambari_views_guide/content/_configuring_your_cluster_for_hive_view.html</A></P><P><A href="http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/">http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/</A></P><P>Ambari just a management tool, so you can have Ambari accounts for people who need access to Ambari and this would be independent of cluster. see this <A href="http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Admin_Guide/content/_local_and_ldap_user_and_group_types.html">link</A> to create "local" users for Ambari.</P> Wed, 27 Jul 2016 10:12:58 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150641#M36028 mqureshi 2016-07-27T10:12:58Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150642#M36029 <P>For user management use LDAP, so it will be easy to manage one LDAP server otherwise you have to create user on all machines. So rather than creating user on all machine use LDAP and use all machine as LDAP client. </P> Wed, 27 Jul 2016 21:21:11 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150642#M36029 ashneesharma88 2016-07-27T21:21:11Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150643#M36030 <P>Using LDAP is the plan but making it work doesnt seem to be simple. </P><P>Thanks</P><P>pP</P> Thu, 28 Jul 2016 00:06:52 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150643#M36030 prakashpunj 2016-07-28T00:06:52Z https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150644#M36031 <P>To configure ldap is easy. And if you agree with the solution, let's close this.</P> Thu, 28 Jul 2016 16:13:39 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/User-Management-Question/m-p/150644#M36031 ashneesharma88 2016-07-28T16:13:39Z