Support Questions

Find answers, ask questions, and share your expertise

Sentry Authorization issue in Hue 4 (CDH 5.16)

avatar
New Contributor

We have a CDH 5.16 cluster with:- two way Active Directory kerberos & sentry enabled, also Hue backend authentication enabled with AD...

 

We have a "user1" added in AD.... user1 can do kinit & get the tgt. & "user1" is not added in linux user /etc/passwd

 

Problem statment:- user1 logs in to Hue, it clicks to the database icon & since no privileges are given to user1, so it can not see any hive tables...that is expected with sentry authorization.....

 

But...the problem is:- if the user1 clicks HDFS icon in Hue, then user1 is able to see all the data present in hdfs including /user/hive/warehouse/

 

Why in Hue GUI, user1 is able to read all the data from hdfs including hive warehouse directory...even though sentry is enabled...

Isn't the purpose of authorization defeated the moment the "user1" is able to access the data using Hue GUI by clicking HDFS icon, even though we have not provided any privileges to it & also user1 is not added in Linux user in /etc/passwd.

1 REPLY 1

avatar
Expert Contributor

Hi @Muba 

Please check if the Hue user user1 is not part of HDFS superuser group.

This might give the user access to file browser and all the hdfs directories.