05-29-2017 02:50 PM
Me and my coworkers are trying to implement security with Sentry in a Cloudera Cluster (CDH 5.10.0), without success.
It's our first hadoop project, a PoC for a customer. Our main security requirement is grant/revoke select access to schemas/tables for HUE users.
Firstly, we setup a KDC server for Kerberos in order to centralize authentication then we followed the "Enable Kerberos" wizard in Cloudera Manager. Everything works fine.
After that, we added the Sentry Service then we followed the documentation to configure all services (in our case, HDFS, Hive, Hue).
All these services are up and running, but the HUE admin user doesn't have permission to manage permissions in Security App.
After a lot of changes in configuration and after reading the entire security section in Cloudera Documentation, we didn't reach our goal.
We don't understand how to manage users/permissions in hadoop ecossytem.
How hue users, cloudera manager users, apps/system users (hue, hive, hdfs), kerberos principals, HDFS permissions and Sentry are related in order to work properly?
05-30-2017 03:01 PM