Support Questions

Find answers, ask questions, and share your expertise

How do I grant different view access like Hive/Tez/File using ambari rest api calls ?

avatar
Explorer

Need curl calls to grant different view access through rest apis. I am currently able to create user and reset the password using ambari rest api as of now @Neeraj Sabharwal

1 ACCEPTED SOLUTION

avatar
Master Mentor

@Sushant Choudhary

Example: Suppose you want to give File View "Grant permission to these users" , The username is "jay" then you can make the following API call for the FileView.

# curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"views","principal_type":"GROUP"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.USER","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/privileges

.

View solution in original post

9 REPLIES 9

avatar
Master Mentor

@Sushant Choudhary

Example: Suppose you want to give File View "Grant permission to these users" , The username is "jay" then you can make the following API call for the FileView.

# curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"views","principal_type":"GROUP"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.OPERATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"SERVICE.ADMINISTRATOR","principal_type":"ROLE"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.USER","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/FILES/versions/1.0.0/instances/AUTO_FILES_INSTANCE/privileges

.

avatar
Master Mentor

@Sushant Choudhary

From readability point i am posting the JSON data in the Pretty JSON format here.

[
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "amy_ds",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "holger_gov",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "maria_dev",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "raj_ops",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "jay",
      "principal_type": "USER"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "views",
      "principal_type": "GROUP"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.ADMINISTRATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.OPERATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "SERVICE.OPERATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "SERVICE.ADMINISTRATOR",
      "principal_type": "ROLE"
    }
  },
  {
    "PrivilegeInfo": {
      "permission_name": "VIEW.USER",
      "principal_name": "CLUSTER.USER",
      "principal_type": "ROLE"
    }
  }

.

You can edit the PrivilegeInfo section from the above JSON data to give appropriate permission (principal_name)

.

avatar
Explorer

Is VIEW.USER permission specific to File view ? How do I grant access to Tez/Hive view. Any documentation on this ?

avatar
Master Mentor

@Sushant Choudhary

Granting permission is not different for Hive/Tez/File View or other Views. The curl call should be almost same. You need to just adjust the privilleges properly in the json. Please take a look at the "Hive View" granting example for user "jay"

Example For Hive

curl -i -u admin:admin -H "X-Requested-By: ambari" -X PUT  -d  '[{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"amy_ds","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"holger_gov","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"maria_dev","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"raj_ops","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"jay","principal_type":"USER"}},{"PrivilegeInfo":{"permission_name":"VIEW.USER","principal_name":"CLUSTER.ADMINISTRATOR","principal_type":"ROLE"}}]'  http://localhost:8080/api/v1/views/HIVE/versions/1.5.0/instances/AUTO_HIVE_INSTANCE/privileges

For more information of User Permissions for views please refer to:

- https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-views/content/section_user_permis...

- https://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-views/content/section_user_permis...

avatar
Explorer

Hi Jay, I am trying to get all critical alerts from ambari using:

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://ambari-server:8080/api/v1/clusters/clustername/alerts?Alert/state=CRITICAL

I don't want all fields here . For e.g I need service name and definition name , how to incorporate it in above curl

avatar
Master Mentor

@Sushant

If the original query that you asked as part of this thread is resolved and the previously provided updates helped you in answering your query then please mark this thread as "Accept" , that way it helps the community users to find a specific query and it's specific answer quickly.

I will suggest it will be great if oyu open a new Thread in HCC for your new query related to Alert.

avatar
Master Mentor

@Sushant

Also regarding your query on getting ambari CRITICAL alerts list please try:

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://erie1.example.com:8080/api/v1/clusters/ErieCluster/alerts?fields=*&Alert/state.in(CRITICAL)

OR

curl -u username:password -i -H 'X-Requested-By:ambari' -X GET http://erie1.example.com:8080/api/v1/clusters/ErieCluster/alerts?fields=*&Alert/state=CRITICAL

.

avatar
Explorer

@Sushant How can I create a read-only user by ambari Rest API

avatar
Master Mentor

@jack jack

First you should open a new HCC thread that way each individual queries are tracked separately.