Support Questions

prakodi · ‎02-10-2023

Hi All,

I want to find out what are the roles / groups assigned to a DB / Schema in Hive, how I can get those details ? please suggest.

Thank you.

Regards,

PK

JoseManuel · ‎02-17-2023

PK,

If you have access to the Sentry Store backend use a query like this:

SELECT
r.ROLE_NAME,
g.GROUP_NAME,
p.*,
FROM_UNIXTIME(p.CREATE_TIME / 1000) as CREATE_TIME_DATE
FROM
SENTRY_ROLE r
INNER JOIN SENTRY_ROLE_GROUP_MAP rgm ON r.ROLE_ID = rgm.ROLE_ID
INNER JOIN SENTRY_GROUP g ON g.GROUP_ID = rgm.GROUP_ID
INNER JOIN SENTRY_ROLE_DB_PRIVILEGE_MAP rpm ON r.ROLE_ID = rpm.ROLE_ID
INNER JOIN SENTRY_DB_PRIVILEGE p ON p.DB_PRIVILEGE_ID = rpm.DB_PRIVILEGE_ID;

Hope it helps,

-JMP

View solution in original post

JoseManuel · ‎02-13-2023

What is the specific version of HDP /CDH / CDP ?

prakodi · ‎02-14-2023

CDH 6.3

JoseManuel · ‎02-14-2023

Use the following command reference

These are to be executed from Hive Beeline to view Role Privileges and Assignments

> SHOW ROLES;
List available roles

> SHOW CURRENT ROLES;
List roles assigned to current user/group

> SHOW ROLE GRANT GROUP <GROUP NAME>;
Lists the roles that are assigned to the specified group.

> SHOW GRANT ROLE <ROLE>;
Lists the permissions that have been granted to the specified role.

>SHOW GRANT ROLE <role name> ON <object type> <object name>
Lists the permissions that a role has on an object.

prakodi · ‎02-17-2023

Hi,

Thank you for the reply, but if I know the role or group, I can easily get the details from above commands, but for a specific DB , if I want to find out what are the roles assigned, is there a way to do it ?

Assume, my schema name is schema1, how to find out the roles assigned to this schema ?

Thank you.

Regards,

PK

DianaTorres · ‎02-17-2023

@prakodi Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future. Thanks

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

JoseManuel · ‎02-17-2023

PK,

If you have access to the Sentry Store backend use a query like this:

SELECT
r.ROLE_NAME,
g.GROUP_NAME,
p.*,
FROM_UNIXTIME(p.CREATE_TIME / 1000) as CREATE_TIME_DATE
FROM
SENTRY_ROLE r
INNER JOIN SENTRY_ROLE_GROUP_MAP rgm ON r.ROLE_ID = rgm.ROLE_ID
INNER JOIN SENTRY_GROUP g ON g.GROUP_ID = rgm.GROUP_ID
INNER JOIN SENTRY_ROLE_DB_PRIVILEGE_MAP rpm ON r.ROLE_ID = rpm.ROLE_ID
INNER JOIN SENTRY_DB_PRIVILEGE p ON p.DB_PRIVILEGE_ID = rpm.DB_PRIVILEGE_ID;

Hope it helps,

-JMP

prakodi · ‎02-17-2023

Thank you very much.

Regards,

PK

CelsoC · ‎01-21-2025

Hello @JoseManuel ,

Is there any possible query to have a similar result with Ranger (CDP 7.1.7 sp2)?

Regards,

Celso

DianaTorres · ‎01-21-2025

@CelsoC Welcome to the Cloudera Community!
As this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post. Thanks.

Regards,

Diana Torres,
Community Moderator

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Support Questions

How to find out the roles / groups assigned to a schema / DB in Hive