Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Can't create roles using Sentry in Hue Interface

avatar
Rising Star

I want to create roles for my hive database management in Hue, but when I try to create roles using Sentry in Hue, I keep on getting this message : Unable to obtain groups in user :

I've already input my admin user to Sentry admin user
Screen Shot 2020-05-27 at 7.00.38 PM.png

2 ACCEPTED SOLUTIONS

avatar
Master Collaborator

@Mondi 

 

The unable to obtain groups message indicates that the admin user on hue is not added to the cluster nodes. The user and its associated access groups should also be present on the cluster nodes.

Please create the user if it does not exist, add it to the group of sentry admins and retry.

 

What is the CDH version of your cluster?

Are you able to modify ACLs of the HDFS directories from the command line using setfacl commands as the same user?

View solution in original post

avatar
Master Collaborator

@Mondi 

 

You can simply add the hue admin user to the group of sentry admin.

Both the group and user should exist locally on cluster nodes and the hue admin user should be a part of this sentry admin group.

Refer below document to set ACLs for the directories.

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cdh_sg_hdfs_ext_acls.html#xd_583c10b...

 

Hope this helps,

Paras

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

6 REPLIES 6

avatar
Rising Star

I'm getting this error also when i'm trying to create ACL on file browser

 

Screen Shot 2020-05-27 at 7.44.24 PM.png

avatar
Master Collaborator

@Mondi 

 

The unable to obtain groups message indicates that the admin user on hue is not added to the cluster nodes. The user and its associated access groups should also be present on the cluster nodes.

Please create the user if it does not exist, add it to the group of sentry admins and retry.

 

What is the CDH version of your cluster?

Are you able to modify ACLs of the HDFS directories from the command line using setfacl commands as the same user?

avatar
Rising Star

Hi @paras do I need to add the user itself on the group of sentry admins? or the one that I must add is the group where the user is associated?

 

My CDH version is 6.3.2

 

I think I didn't do yet the modifying of ACLs of the HDFS directories, can you teach me how please? but I have enabled this already : dfs.namenode.acls.enabled

avatar
Master Collaborator

@Mondi 

 

You can simply add the hue admin user to the group of sentry admin.

Both the group and user should exist locally on cluster nodes and the hue admin user should be a part of this sentry admin group.

Refer below document to set ACLs for the directories.

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cdh_sg_hdfs_ext_acls.html#xd_583c10b...

 

Hope this helps,

Paras

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

avatar
Rising Star

Hi @paras i've tried including my group where my admin user reside and the user itself on sentry.service.admin.group. but still no luck. what do I need to input on sentry.service.admin.group? the user or the group where it belongs? I'm still getting the error of Unable to obtain groups to cloudera(which is my user)

avatar
Master Collaborator

@Mondi 

 

The group where the admin user is present should be added as the sentry admin group. This would also enable all other users in the group to act as sentry admins. If you want to se the user alone add it to the sentry admin groups as each user has a corresponding group entry created by the same name locally.

 

Please ensure that the user and group exists on all nodes on the cluster.