Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

REST API to assign Sandbox roles to Ambari users

avatar
Super Collaborator

I can see 5 new Sandbox roles - Cluster Administrator, Cluster Operator, Service Administrator, Service Operator, Cluster User. Can someone please tell me the REST API to assign these roles to Ambari users? I tried retrieving roles through this call:

curl -iv -u admin:admin -X GET http://ambari-server:8080/api/v1/roles

but this seems broken. Please help.

1 ACCEPTED SOLUTION

avatar
Super Collaborator
@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

View solution in original post

6 REPLIES 6

avatar
Super Collaborator
@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

avatar
Super Collaborator

The principal_name should be a kerberos principal? Because my Sandbox is not kerberized.

avatar
Super Collaborator

@mrizvi

Its not kerberos principle. Its the 'username' to which you want to grant the respective role.

For example above api call grants 'SERVICE.OPERATOR' role to 'testuser'.

avatar
Super Collaborator

It is giving me below exception:

* About to connect() to sandbox.hortonworks.com port 8080 (#0)

* Trying 10.0.2.15... connected

* Connected to sandbox.hortonworks.com (10.0.2.15) port 8080 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12263

* Closing connection #0

* SSL connect error

curl: (35) SSL connect error

avatar
Super Collaborator

@mrizvi

Did you enable ambari server ssl ?

From your command I presume your cluster is not https.

avatar
Super Collaborator

@mrizvi

I didnt mean that. Its not compulsory for this operation. The api end point which I provided should grant the necessary role.

But the issue which you are facing might be due to some corrupted configs and need to be debugged further.

Can you please post the output of /var/log/ambari-server/ambari-server.log