Created on 09-30-2021 01:27 AM - last edited on 09-30-2021 02:13 AM by VidyaSargur
Hi, I would like to create access privileges at the database and table level.
So, what I had performed is:
1. Create user in hue (Manage User)
a) testuser1 (non-sentry admin group), assigned under "testgroup"
b) admin (Sentry-admin-group), assigned under "admingroup"
2. Grant role to the user "testuser1":
create role role_test;
grant all on server server1 to role role_test;
grant role role_test to group testgroup;
However, when logging in as "testuser1" in Hue, I can't see any database. Checking via the query "show current role" returns no record.
Are there any steps I have missed?
Thank you!
Created 10-03-2021 09:58 PM
Hi,
1. Just to isolate the issue, have you tried to list the databases outside of Hue, maybe from impala-shell? Are you able to see the databases? Please confirm and provide the error stack trace if you find any.
2. Go to Hue -> Security -> Hive Tables -> Browse -> and see if you are able to see the databases.
1. create role test_role;
2. GRANT ALL ON database <db_name> TO ROLE test_role;
3. GRANT ROLE test_role to GROUP <group-name>;
Note: Make sure the user is part of this particular group on all the hosts in the cluster.
Verify, and provide the output of the command below:
a. show grant role role_test;
Regards,
Chethan YM
Created 10-03-2021 11:59 PM
Hi @ChethanYM thanks for your response. Please find my replies below in green.
1. Just to isolate the issue, have you tried to list the databases outside of Hue, maybe from impala-shell? Are you able to see the databases? Please confirm and provide the error stack trace if you find any.
Yes, able to list the database outside of Hue.
2. Go to Hue -> Security -> Hive Tables -> Browse -> and see if you are able to see the databases.
If I impersonate the testuser, I can't view any database; only the default DB is showing, and the objects contained inside the default DB are not showing either.
If I impersonate the admin, yes, admin can view all the DBs created and the objects granted.
1. create role test_role;
2. GRANT ALL ON database <db_name> TO ROLE test_role;
3. GRANT ROLE test_role to GROUP <group-name>;
Note: Make sure the user is part of this particular group on all the hosts in the cluster.
To confirm this part, this is how I assigned the user to the particular group:
1. From Hue, Manager User, edit user, assign group via Step 2: Group and Profile
2. Create user and group in unix via root.
Are there any steps I missed here? I think the main problem is that this particular user is not properly assigned to the group.
Verify, and provide the output of the command below:
a. show grant role role_test;
Outcome:
Additional info:
Login as testuser and query "show current role", no data is returned.
Created 10-04-2021 11:01 PM
Hi,
1. Are you able to see the databases outside of Hue as testuser?
2. The user and group mapping must be correct to access the databases; please compare the groups of the users who have access with those of the users who don't.
3. id -Gn <user-id> (it shows the allocated groups; compare with other users who have access, and if any groups are missing, add the user to that group and give it a try)
4. If testuser cannot see the databases through impala-shell and you have given proper privileges, then something might be messed up at the OS level with the user-group mappings. You can try restarting SSSD and clearing the SSSD cache on all hosts, then give it a try.
Regards,
Chethan YM
Created 10-05-2021 10:49 PM
Finally, it's resolved.
I made a mistake: I created the unix user & group in the wrong location.
They should be created on the master node instead.
Also, it might be necessary to restart the cluster for the changes to take effect (in my case I had to restart, otherwise I couldn't view the granted table list in the Hue Manager).
Thank you! New lesson learned. 🙂
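The group-membership mismatch this thread ends on (a role granted to a group that the user does not belong to on every host) can be spotted by comparing `id -Gn` output per host. The script below is an added example, not code from any post in the thread; the host names and sample lines are constructed, and collecting the real lines (for instance over ssh) is an assumption about your environment.

```shell
#!/bin/sh
# Added example (not from the thread): report hosts where a user lacks the
# OS group that a Sentry role was granted to.
# Input format, one line per host: "<host>: <output of 'id -Gn <user>'>"
# Assumption: on a real cluster you would build these lines yourself, e.g.
#   printf '%s: %s\n' "$h" "$(ssh "$h" id -Gn testuser1)"

# missing_group_hosts GROUP
# Reads "<host>: <groups...>" lines on stdin and prints each host whose
# group list does not contain GROUP (exact match, not substring).
missing_group_hosts() {
    want=$1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        host=${line%%:*}
        groups=${line#*:}
        found=no
        for g in $groups; do
            if [ "$g" = "$want" ]; then
                found=yes
            fi
        done
        [ "$found" = yes ] || printf '%s\n' "$host"
    done
}

# Constructed sample data: the user exists with the group on two hosts,
# exists without the group on one, and has no groups resolved on another.
sample_membership() {
    cat <<'EOF'
master01: testuser1 testgroup
worker01: testuser1
worker02: testuser1 testgroup
gateway01:
EOF
}

# Stand-alone run: prints worker01 and gateway01.
sample_membership | missing_group_hosts testgroup
```

Any host printed is one where a grant to `testgroup` cannot apply to the user until the OS-level group mapping is fixed there.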