Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

REST API to assign Sandbox roles to Ambari users

Labels:
avatar
author-rank mrizvi
Super Collaborator

Created ‎08-17-2016 05:02 PM

I can see 5 new Sandbox roles - Cluster Administrator, Cluster Operator, Service Administrator, Service Operator, Cluster User. Can someone please tell me the REST API to assign these roles to Ambari users? I tried retrieving roles through this call:

curl -iv -u admin:admin -X GET http://ambari-server:8080/api/v1/roles

but this seems broken. Please help.

2,560 Views
1 ACCEPTED SOLUTION

avatar
author-rank ssharma
Super Collaborator

Created ‎08-17-2016 06:41 PM

@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

View solution in original post

1,975 Views
6 REPLIES 6

avatar
author-rank ssharma
Super Collaborator

Created ‎08-17-2016 06:41 PM

@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

1,976 Views

avatar
author-rank mrizvi
Super Collaborator

Created ‎08-17-2016 06:50 PM

The principal_name should be a kerberos principal? Because my Sandbox is not kerberized.

1,975 Views
0 Kudos

avatar
author-rank ssharma
Super Collaborator

Created ‎08-17-2016 08:02 PM

@mrizvi

Its not kerberos principle. Its the 'username' to which you want to grant the respective role.

For example above api call grants 'SERVICE.OPERATOR' role to 'testuser'.

1,975 Views

avatar
author-rank mrizvi
Super Collaborator

Created ‎08-17-2016 08:07 PM

It is giving me below exception:

* About to connect() to sandbox.hortonworks.com port 8080 (#0)

* Trying 10.0.2.15... connected

* Connected to sandbox.hortonworks.com (10.0.2.15) port 8080 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12263

* Closing connection #0

* SSL connect error

curl: (35) SSL connect error

1,975 Views
0 Kudos

avatar
author-rank ssharma
Super Collaborator

Created ‎08-17-2016 08:12 PM

@mrizvi

Did you enable ambari server ssl ?

From your command I presume your cluster is not https.

1,975 Views

avatar
author-rank ssharma
Super Collaborator

Created ‎08-17-2016 08:22 PM

@mrizvi

I didnt mean that. Its not compulsory for this operation. The api end point which I provided should grant the necessary role.

But the issue which you are facing might be due to some corrupted configs and need to be debugged further.

Can you please post the output of /var/log/ambari-server/ambari-server.log

1,975 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements