Created on 02-03-2017 11:04 AM - edited 09-16-2022 04:00 AM
We have HUE 3.11 running with HDFS 2.7.3 version. We are working on, how to control HUE user access to S3 storage buckets and folders. Currently all user can see all s3 storage buckets and its folders. Please suggest solution on how we can limit access to S3 storage based on user roles.
Technologies, we are using are:
Created 02-03-2017 12:02 PM
You may need to follow the ACL conept, pls refer the below link, it has very high level information about security
Created 02-06-2017 09:05 AM
Created on 03-09-2017 12:15 PM - edited 03-09-2017 12:17 PM
The link you have provided is talking about Hadoop ACLs.
Issue here is how I can control access to S3 buckets and objects based on HUE (3.11) login credentials. I mean when I login to HUE with my credentials, I should see S3 object only i have Privilieges (Read, write,Delete). Appreciate any thoughts to resolve this issue.
Created 03-09-2017 12:31 PM
For object based security you have to implement Sentry
1. Install Kerberos (Pre-request: for Sentry)
2. Enabling Kerberos Authentication for Hadoop (Pre-request: Kerberos Installation is different from enable Kerberos to Hadoop)
3. Add Sentry Service in cluster
4. Enable Sentry service for Hive & Impala.
5. Create necessary groups, users in OS and match the same with Hue. You can try this manually for few users/group for testing purpose...
Ex: For Role creation
Created 05-03-2017 01:18 AM
Created 05-03-2017 06:16 AM
Created 04-25-2018 02:46 AM
Sorry to revive an old thread but I would like to know if it is still true.
I too am hit by this problem and, as described above, we have removed the S3 file browser for everyone.
However I am thinking of upgrading my version of Hue as part of a move to a more recent CDH.
Is this issue fixed in any more advanced versions of Hue? Do they talk to Hadoop for access permissions - and thus Sentry?
Created 11-06-2018 04:22 AM