Created 05-27-2020 04:10 AM
I want to create roles for my hive database management in Hue, but when I try to create roles using Sentry in Hue, I keep on getting this message : Unable to obtain groups in user :
I've already input my admin user to Sentry admin user
Created 05-27-2020 06:02 AM
The unable to obtain groups message indicates that the admin user on hue is not added to the cluster nodes. The user and its associated access groups should also be present on the cluster nodes.
Please create the user if it does not exist, add it to the group of sentry admins and retry.
What is the CDH version of your cluster?
Are you able to modify ACLs of the HDFS directories from the command line using setfacl commands as the same user?
Created 05-28-2020 05:06 AM
You can simply add the hue admin user to the group of sentry admin.
Both the group and user should exist locally on cluster nodes and the hue admin user should be a part of this sentry admin group.
Refer below document to set ACLs for the directories.
Hope this helps,
Paras
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created 05-27-2020 04:47 AM
I'm getting this error also when i'm trying to create ACL on file browser
Created 05-27-2020 06:02 AM
The unable to obtain groups message indicates that the admin user on hue is not added to the cluster nodes. The user and its associated access groups should also be present on the cluster nodes.
Please create the user if it does not exist, add it to the group of sentry admins and retry.
What is the CDH version of your cluster?
Are you able to modify ACLs of the HDFS directories from the command line using setfacl commands as the same user?
Created 05-27-2020 07:35 PM
Hi @paras do I need to add the user itself on the group of sentry admins? or the one that I must add is the group where the user is associated?
My CDH version is 6.3.2
I think I didn't do yet the modifying of ACLs of the HDFS directories, can you teach me how please? but I have enabled this already : dfs.namenode.acls.enabled
Created 05-28-2020 05:06 AM
You can simply add the hue admin user to the group of sentry admin.
Both the group and user should exist locally on cluster nodes and the hue admin user should be a part of this sentry admin group.
Refer below document to set ACLs for the directories.
Hope this helps,
Paras
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created 05-28-2020 10:56 PM
Hi @paras i've tried including my group where my admin user reside and the user itself on sentry.service.admin.group. but still no luck. what do I need to input on sentry.service.admin.group? the user or the group where it belongs? I'm still getting the error of Unable to obtain groups to cloudera(which is my user)
Created 06-16-2020 10:26 PM
The group where the admin user is present should be added as the sentry admin group. This would also enable all other users in the group to act as sentry admins. If you want to se the user alone add it to the sentry admin groups as each user has a corresponding group entry created by the same name locally.
Please ensure that the user and group exists on all nodes on the cluster.
 
					
				
				
			
		
