Support Questions

Vhodnoylogin · ‎02-13-2019

Hi, i need to create new user and grant to it few rules (on select of couple schemas).

i create group, create user, assign user to group, and see it in hdfs - and there're no groups.

1. sudo adduser tezd_user

2. sudo groupadd tezd_group

3. sudo usermod -a -G tezd_group tezd_user

4. groups tezd_user >> tezd_user : tezd_user tezd_group

5. hdfs groups tezd_user >> tezd_user :

So, user have no group - have to rules - have no access to any action in db.

How to set group for user, and how to get rules to user (i think, it makes by addition group to user)?

Vhodnoylogin · ‎02-13-2019

It's simple...
There're no "hdfs group" - u mast assign user and group in host-os.
And, if u have a cluster, u mast do it at "main node" (or at every node if "main" migrate to another server).

But it doen't solve my core problem: "need to create new user and grant to it few rules (on select of couple schemas)."
So, user in group, group have premissions, but there are no effect of it.
What must i do in this case?

FrankyFlowB · ‎04-25-2019

Hi,

if I understood well, you want grant access to database schemas to the user, right?

In this case, there are two possible scenarios:

1) Kerberos and Sentry disabled:

in this case, if databases are from Hive, you must to configure HDFS folder´s permissions in order your OS user/group have access to HDFS filesystem where Hive databases are stored.

2) Kerberos and Sentry enabled:

this case is a little more extensive, because you must to take in mind point 1 considerations, and configure Sentry roles, Roles-groups assignment, kerbero´s users, ...

In this case you must to follow Cloudera´s Security Guide.

Cloudera Community

Support Questions

How to add user to group in HDFS?