Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Oozie Non Default Database Setup

Labels:
avatar
author-rank rgarcia
Expert Contributor

Created ‎10-13-2015 02:52 PM

From Ambari 1.7 doc http://docs.hortonworks.com/HDPDocuments/Ambari-1.7.0.0/Ambari_Doc_Suite/ADS_v170.html#ref-f6bcf79a-..., why do Oozie user need to have all privileges (GRANT ALL)? Database admins might not want to set it up this way.

1,538 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank deepesh1
Guru

Created ‎10-13-2015 03:33 PM

These permissions should be enough for the oozie user on Oracle:

GRANT SELECT_CATALOG_ROLE TO <OOZIE USER>;
GRANT CONNECT, RESOURCE TO <OOZIE USER>;

For the other databases MySQL and PostgresQL I agree with @David Streever that the permission needs to be set to just Oozie database. Additionally we want to limit the access from just the oozie host. On MySQL this can be:

GRANT ALL PRIVILEGES ON <OOZIE DB>.* TO '<OOZIE USER>'@'<OOZIE HOST>'

View solution in original post

1,389 Views
0
3 REPLIES 3

avatar
author-rank dstreev author-rank
Guru

Created ‎10-13-2015 03:07 PM

It should be GRANT ALL to just it's Oozie Database. Because the 'oozie' user needs to be able to create the schema in the target database.

1,389 Views

avatar
author-rank deepesh1
Guru

Created ‎10-13-2015 03:33 PM

These permissions should be enough for the oozie user on Oracle:

GRANT SELECT_CATALOG_ROLE TO <OOZIE USER>;
GRANT CONNECT, RESOURCE TO <OOZIE USER>;

For the other databases MySQL and PostgresQL I agree with @David Streever that the permission needs to be set to just Oozie database. Additionally we want to limit the access from just the oozie host. On MySQL this can be:

GRANT ALL PRIVILEGES ON <OOZIE DB>.* TO '<OOZIE USER>'@'<OOZIE HOST>'
1,390 Views
0

avatar
author-rank KuldeepK author-rank
Master Guru

Created ‎11-16-2015 06:47 AM

Yes! GRANT ALL is needed!

mysql> create database oozie;
Query OK, 1 row affected (0.00 sec)

mysql> grant all privileges on oozie.* to 'oozie'@'localhost' identified by 'oozie';
Query OK, 0 rows affected (0.00 sec)

mysql> grant all privileges on oozie.* to 'oozie'@'%' identified by 'oozie';
Query OK, 0 rows affected (0.00 sec)

mysql> exit
1,389 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements