Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hue permissions issue

Hue permissions issue

New Contributor

Hello,

I notice a strange security behaviour of the Hue service:
when I remove the beeswax or Impala permission from a particular Hue group, the tab in the Hue web page header disappear and thi is correct.

The problem is that knowing the URL, so just adding
- https://hue_url/notebook/editor?type=hive or
- https://hue_url/notebook/editor?type=impala
everyone can reach the Hive/Impala Hue web page and execute any queries they want.

Is that normal? Does a solution exist to fix this security issue?

Thank you,

Edoardo

2 REPLIES 2
Highlighted

Re: Hue permissions issue

Master Collaborator
I dont think it is a big security issue, because Hue does not run the queries under system account, and impersonates the users. So you can remove all select permissions from the group in Sentry, and the hive/impala editor will not be an issue.
But I admin, that Hue should not allow the functionality by a simple URL change

Re: Hue permissions issue

New Contributor

Yes, I agree with you, it is not a big security issue and you can handle the group permissions in Sentry.

 

But in my particular case I do not want to remove all the permission for that group using Sentry, because I permit the group to see the data with other tools.
I just want to block the use of Hue for that group.

 

Do you know if it is possible someway?