Hi,
We are running Hue as part of CDH 6.2 (and currently upgrading to 6.3.3). We have an AD group - hue-users - which is the base_dn in the CDH Hue config. This group controls basic access to Hue.
I would like to add another AD group. How do I do this?
For context, this is so that we can split permissions between groups. One group (hue-users) is for user access (all modules). The other is for unattended service accounts, so we only want them be able to access/schedule/run Oozie jobs.
Edit: they're all in the same AD realm, although not necessarily the same OU path.
My current config is (the numbers are for reading nested AD groups)
(memberOf:1.2.840.113556.1.4.1941:=CN=hue-users,OU=x,DC=x,DC=x,DC=x)
I've tried (with various brackets etc):
((memberOf:1.2.840.113556.1.4.1941:=CN=hue-users,OU=x,DC=x,DC=x,DC=x) || (memberOf:1.2.840.113556.1.4.1941:=CN=service-users,OU=x,DC=x,DC=x,DC=x))
(|(memberOf:1.2.840.113556.1.4.1941:=CN=hue-users,OU=x,DC=x,DC=x,DC=x)(memberOf:1.2.840.113556.1.4.1941:=CN=service-users,OU=x,DC=x,DC=x,DC=x))
None have worked. Any suggestions?
