Support Questions

mrizvi · ‎08-17-2016

I can see 5 new Sandbox roles - Cluster Administrator, Cluster Operator, Service Administrator, Service Operator, Cluster User. Can someone please tell me the REST API to assign these roles to Ambari users? I tried retrieving roles through this call:

curl -iv -u admin:admin -X GET http://ambari-server:8080/api/v1/roles

but this seems broken. Please help.

ssharma · ‎08-17-2016

@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

View solution in original post

ssharma · ‎08-17-2016

@mrizvi

You can use below api :

curl -iv -u admin:admin -H "X-Requested-By: ambari" -X POST -d '[{"PrivilegeInfo":{"permission_name":"SERVICE.OPERATOR","principal_name":"testuser","principal_type":"USER"}}]' https://<ambari_host>:8080/api/v1/clusters/<cluster_name>/privileges

permission_name could be one of the below :

CLUSTER.ADMINISTRATOR

CLUSTER.OPERATOR

SERVICE.ADMINISTRATOR

SERVICE.OPERATOR

CLUSTER.USER

principal_type could be either : USER or GROUP

mrizvi · ‎08-17-2016

The principal_name should be a kerberos principal? Because my Sandbox is not kerberized.

ssharma · ‎08-17-2016

@mrizvi

Its not kerberos principle. Its the 'username' to which you want to grant the respective role.

For example above api call grants 'SERVICE.OPERATOR' role to 'testuser'.

mrizvi · ‎08-17-2016

It is giving me below exception:

* About to connect() to sandbox.hortonworks.com port 8080 (#0)

* Trying 10.0.2.15... connected

* Connected to sandbox.hortonworks.com (10.0.2.15) port 8080 (#0)

* Initializing NSS with certpath: sql:/etc/pki/nssdb

* CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

* NSS error -12263

* Closing connection #0

* SSL connect error

curl: (35) SSL connect error

ssharma · ‎08-17-2016

@mrizvi

Did you enable ambari server ssl ?

From your command I presume your cluster is not https.

ssharma · ‎08-17-2016

@mrizvi

I didnt mean that. Its not compulsory for this operation. The api end point which I provided should grant the necessary role.

But the issue which you are facing might be due to some corrupted configs and need to be debugged further.

Can you please post the output of /var/log/ambari-server/ambari-server.log

Cloudera Community

Support Questions

REST API to assign Sandbox roles to Ambari users