Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.

How to get Unix group Name mapped to Sentry role

Labels:
VijayM
Explorer

Created on ‎12-11-2018 11:13 PM - edited ‎09-16-2022 06:58 AM

Hello Team,

 

I have a query mentioned below.

 

1. How to find Unix group Name mapped to Sentry role? 100 Unix group exist on cluster Node and 10-20 sentry roles created. Require command to find which Unix group mapped to Which Unix group.

 

2. below command through beeline gives role name by providing Unix group. I want reverse way, supply role name and get unix group name.

SHOW ROLE GRANT GROUP abcde;

 

- Vijay M 

2,492 Views
0 Kudos
2
4 REPLIES 4

tjangid
Rising Star

Created ‎04-22-2019 03:53 AM

Hi @VijayM

To list all the roles assigned to the given group name (only allowed for Sentry admin users and other users that are part of the group specified by group name) you can use the below command from beeline.

SHOW ROLE GRANT GROUP group name;

Also for more details about beeline commands, you can refer to

https://www.cloudera.com/documentation/enterprise/latest/topics/sg_hive_sql.html

Regards,
Tarun Jangid
1,955 Views
0 Kudos

VijayM
Explorer

Created ‎04-22-2019 04:10 AM

@tjangid 

 

Thank you for the reply. 

 

I am looking for Sentry command from beeline which gives me group name through roles.

 

Like show  groups which mapped to given role.

 

The command you have suggested i am already aware of but for example if hosts have more than 50-60 Unix groups so 50-60 times i have to run your suggested command to find the role name.

 

- Vijay M

1,951 Views
0 Kudos

tjangid
Rising Star

Created ‎04-29-2019 10:15 PM

Hi @VijayM

I am afraid that you cannot gather the required information from the Sentry command. However, you can get it from the MySQL database.

To do so, please follow:
1. Login to MySQL.
2. Select the Sentry database using "use <database>".
3. Execute the below query:

SELECT DB_NAME, ACTION,ROLE_NAME,GROUP_NAME FROM SENTRY_DB_PRIVILEGE
INNER JOIN SENTRY_ROLE_DB_PRIVILEGE_MAP ON SENTRY_DB_PRIVILEGE.DB_PRIVILEGE_ID=SENTRY_ROLE_DB_PRIVILEGE_MAP.DB_PRIVILEGE_ID
INNER JOIN SENTRY_ROLE ON SENTRY_ROLE.ROLE_ID=SENTRY_ROLE_DB_PRIVILEGE_MAP.ROLE_ID
INNER JOIN SENTRY_ROLE_GROUP_MAP ON SENTRY_ROLE_GROUP_MAP.ROLE_ID=SENTRY_ROLE.ROLE_ID
INNER JOIN SENTRY_GROUP ON SENTRY_GROUP.GROUP_ID=SENTRY_ROLE_GROUP_MAP.GROUP_ID;

Please do let me know if this helps you.

Regards,
Tarun Jangid
1,926 Views
0 Kudos

LSeb
New Contributor

Created ‎02-08-2023 03:35 AM

This was helpful

211 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements