Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to set the authority/right of Atlas Web UI User?

avatar
author-rank dreamcoding
Rising Star

Created on ‎08-26-2016 06:18 AM - edited ‎08-19-2019 03:31 AM

I want to add a new user account for atlas Web UI, so I append a line text into <atlas-conf>/users-credentials.properties 

zte=ADMIN::8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

This means that, the user name is zte, and the password is 123456.

But when I login in the Atlas Web UI by using this user name and password, it shown like this:

6990-zteuser.jpg

The tips which on the top right of this screenshot showed that, this account are not authorized for READ *.

So, how can I set the authority/right of my new user account ?

Thank you very much.

11,436 Views
1 ACCEPTED SOLUTION

avatar
author-rank apathan author-rank
Guru

Created ‎08-26-2016 07:00 AM

@Ethan HsiehTwo authorization methods are available for Atlas: Simple and Ranger.

Simple Authorization

The default setting is Simple, and the following properties are automatically set under Advanced application-properties on the Advanced tab.

Table: Apache Atlas Simple Authorization

PropertyValue
atlas.authorizer.implsimple
atlas.auth.policy.file{{conf_dir}}/policy-store.txt

The policy-store.txt file has the following format:

Policy_Name;;User_Name:Operations_Allowed;;Group_Name:Operations_Allowed;;Resource_Type:Resource_Name

For example:

adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
userReadPolicy;;readUser1:r,readUser2:r;;DATA_SCIENTIST:r;;type:*,entity:*,operation:*,taxonomy:*,term:*
userWritePolicy;;writeUser1:rwu,writeUser2:rwu;;BUSINESS_GROUP:rwu,DATA_STEWARD:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*

In this example readUser1, readUser2, writeUser1 and writeUser2 are the user IDs, each with its corresponding access rights. The User_Name, Group_Name and Operations_Allowed are comma-separated lists.

Authorizer Resource Types:

  • Operation
  • Type
  • Entity
  • Taxonomy
  • Term
  • Unknown

Operations_Allowed are r = read, w = write, u = update, d = delete

Let me know if you have Ranger enabled in your cluster, different operations would be needed for Ranger authorization.

View solution in original post

8,738 Views
12 REPLIES 12

avatar
author-rank varunprasad_n
New Member

Created ‎07-05-2018 09:22 AM

Hi, User sync has solved the problem.

Regards,

Varun

2,740 Views
0 Kudos

avatar
author-rank alexandre_m_car
New Member

Created ‎07-13-2018 10:46 AM

Hi @Varun Nemmani,

Which usersync did you have to run?

Thanks

2,740 Views
0 Kudos

avatar
author-rank varunprasad_n
New Member

Created ‎07-19-2018 04:52 AM

Hi Alex It is Ranger user sync.

2,740 Views
0 Kudos
Announcements
Community Announcements
Welcome to the Cloudera Community!
Community Announcements
September 2025 Community Highlights
What's New @ Cloudera
Upgrade Your Spark Experience: Introducing CDS 3.5 for Cloud...
Community Announcements
August 2025 Community Highlights
Community Announcements
July 2025 Community Highlights
View More Announcements