Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Cloudbreak HDP instances require owner access to azure ADLS?

Labels:
avatar
author-rank sunile_manjee author-rank
Master Guru

Created ‎08-16-2018 09:37 PM

I launched a HDP instance on azure via Cloudbreak and added my ADLS information prior to creation. I am reading this tutorial:

https://community.hortonworks.com/articles/105994/how-to-configure-authentication-with-adls.html

which mentions to assign app owner role to ADLS. My app has contributor role and owner role is not allowed as the enterprise owns it (ADLS) and will not provide me such access. Is there any way for my app with contributor role to use ADLS?

Here is the error I get:

[cloudbreak@sparky-m1 bin]$ hadoop fs -ls adl://xxxxx.azuredatalakestore.net
ls: GETFILESTATUS failed with error 0x83090aa2 (Forbidden. ACL verification failed. Either the resource does not exist or the user is not authorized to perform the requested operation.). [e300ca0f-5b03-48d8-a63a-e66175efe18a][2018-08-16T14:23:24.5402535-07:00] [ServerRequestId:e300ca0f-5b03-48d8-a63a-e66175efe18a]
1,640 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank darvasip author-rank
Guru

Created ‎08-17-2018 03:56 PM

@sunile.manjee

That tutorial is not 100% correct, you can set fine grained RWX ACL permissions for your application to the files and folders of your ADLS account, as documented here and setting those properly should be enough to work with your ADLS account without granting the application any roles.

Hope this helps!

View solution in original post

1,536 Views
0 Kudos
2 REPLIES 2

avatar
author-rank darvasip author-rank
Guru

Created ‎08-17-2018 03:56 PM

@sunile.manjee

That tutorial is not 100% correct, you can set fine grained RWX ACL permissions for your application to the files and folders of your ADLS account, as documented here and setting those properly should be enough to work with your ADLS account without granting the application any roles.

Hope this helps!

1,537 Views
0 Kudos

avatar
author-rank Dominika author-rank
Guru

Created ‎08-17-2018 07:37 PM

@sunile.manjee I updated the tutorial to include @pdarvasi's suggestion as a note.

1,536 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements