Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How do I grant different view access like Hive/Tez/File using ambari rest api calls ?

Labels:
avatar
author-rank hadcloudera
Explorer

Created ‎05-12-2017 06:08 PM

Need curl calls to grant different view access through rest apis. I am currently able to create user and reset the password using ambari rest api as of now @Neeraj Sabharwal

3,038 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-12-2017 06:17 PM

@Sushant Choudhary

Example: Suppose you want to give File View "Grant permission to these users" , The username is "jay" then you can make the following API call for the FileView.

# curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"views","principal_type":"GROUP"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.USER","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/privileges

.

View solution in original post

2,692 Views
9 REPLIES 9

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-12-2017 06:17 PM

@Sushant Choudhary

Example: Suppose you want to give File View "Grant permission to these users" , The username is "jay" then you can make the following API call for the FileView.

# curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"views","principal_type":"GROUP"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.USER","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/privileges

.

2,693 Views

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-12-2017 06:24 PM

@Sushant Choudhary

From readability point i am posting the JSON data in the Pretty JSON format here.

[
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "amy_ds",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "holger_gov",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "maria_dev",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "raj_ops",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "jay",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "views",
      "principal_type": "GROUP"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.ADMINISTRATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.OPERATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "SERVICE.OPERATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "SERVICE.ADMINISTRATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.USER",
      "principal_type": "ROLE"
    }
  }

.

You can edit the PrivilegeInfo section from the above JSON data to give appropriate permission (principal_name)

.

2,692 Views
0 Kudos

avatar
author-rank hadcloudera
Explorer

Created ‎05-12-2017 06:42 PM

Is VIEW.USER permission specific to File view ? How do I grant access to Tez/Hive view. Any documentation on this ?

2,692 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-13-2017 12:48 AM

@Sushant Choudhary

Granting permission is not different for Hive/Tez/File View or other Views. The curl call should be almost same. You need to just adjust the privilleges properly in the json. Please take a look at the "Hive View" granting example for user "jay"

Example For Hive

curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d  '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/HIVE/versions/1.5.0/instances/AUTO_HIVE_INSTANCE/privileges

For more information of User Permissions for views please refer to:

- https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-views/content/section_user_permis...

- https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-views/content/section_user_permis...

2,692 Views
0 Kudos

avatar
author-rank hadcloudera
Explorer

Created ‎05-17-2017 09:34 AM

Hi Jay, I am trying to get all critical alerts from ambari using:

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://ambari-server:8080/api/v1/clusters/clustername/alerts?Alert/state=CRITICAL

I don't want all fields here . For e.g I need service name and definition name , how to incorporate it in above curl

2,692 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-17-2017 09:44 AM

@Sushant

If the original query that you asked as part of this thread is resolved and the previously provided updates helped you in answering your query then please mark this thread as "Accept" , that way it helps the community users to find a specific query and it's specific answer quickly.

I will suggest it will be great if oyu open a new Thread in HCC for your new query related to Alert.

2,692 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎05-17-2017 09:52 AM

@Sushant

Also regarding your query on getting ambari CRITICAL alerts list please try:

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://erie1.example.com:8080/api/v1/clusters/ErieCluster/alerts?fields=*&Alert/state.in(CRITICAL)

OR

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://erie1.example.com:8080/api/v1/clusters/ErieCluster/alerts?fields=*&Alert/state=CRITICAL

.

2,692 Views
0 Kudos

avatar
author-rank 454596169
Explorer

Created ‎06-08-2017 07:22 AM

@Sushant How can I create a read-only user by ambari Rest API

2,692 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎06-08-2017 07:24 AM

@jack jack

First you should open a new HCC thread that way each individual queries are tracked separately.

2,692 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements