
Urgent: HUE LDAP Super User Issue

Explorer


We were recently trying to integrate HUE on our EMR by authenticating via LDAP. Based on the HUE documentation, the first user that logs in will become the superuser. Our end goal is to make members of an Active Directory group superusers. Having any first user become the superuser makes the EMR vulnerable and can give superuser access to people who shouldn't have it. How can we add a filter in the hue.ini file, or any other file, that will give superuser access only to members of an Active Directory group?

1 ACCEPTED SOLUTION

Explorer

@bgooley @Tomas79

 

I ended up logging in a user when the EMR is launching, in the bootstrap action. I did this via curl commands. This will avoid any user being given superuser status.

 

For anyone needing guidance on the workaround, you could follow the steps below.

1) Curl command to get the cookie.txt file (it has the session id and csrf token).

2) Curl command to log in (you have to grep the session id and csrftoken from the cookie.txt file).

 

If anyone has a better idea, please let me know.
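The two curl steps from the accepted solution above, written out as an added example (not the poster's actual script). `HUE_URL`, `ADMIN_USER` and `PW_FILE` are hypothetical names, and the `/accounts/login/` path, the `username`/`password`/`csrfmiddlewaretoken` form fields and the 302-on-success check are assumptions about Hue's Django login form that should be verified against the installed version.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script. HUE_URL, ADMIN_USER and PW_FILE are
# hypothetical; the login path and form field names are assumptions to verify.

# Print the value of cookie $2 from the Netscape-format cookie jar $1.
# curl stores HttpOnly cookies on lines starting "#HttpOnly_", so dropping
# every "#" line loses them; match on field count and cookie name instead.
cookie_value() {
  awk -F'\t' -v name="$2" '
    NF == 7 && $6 == name { v = $7 }
    END { if (v == "") exit 1; print v }' "$1"
}

# Log the intended admin in once so that account is the first Hue user.
claim_first_login() {
  local base="$1" user="$2" pw_file="$3" jar token code
  jar="$(mktemp)" || return 1
  # Step 1: GET the login page so the jar receives the csrftoken cookie.
  curl -fsS -c "$jar" -o /dev/null "$base/accounts/login/" &&
    token="$(cookie_value "$jar" csrftoken)" || { rm -f "$jar"; return 1; }
  # Step 2: POST the login form with the same jar. The password comes from a
  # root-only file (no trailing newline), so it never appears in the process list.
  code="$(curl -sS -b "$jar" -c "$jar" -o /dev/null -w '%{http_code}' \
    -H "Referer: $base/accounts/login/" \
    --data-urlencode "csrfmiddlewaretoken=$token" \
    --data-urlencode "username=$user" \
    --data-urlencode "password@$pw_file" \
    "$base/accounts/login/")"
  rm -f "$jar"
  # Assumed Django behaviour: 302 redirect on success, 200 (form again) on failure.
  [ "$code" = "302" ]
}

# Runs only when configured, e.g. from the EMR bootstrap action.
if [ -n "${HUE_URL:-}" ]; then
  claim_first_login "$HUE_URL" "$ADMIN_USER" "$PW_FILE" ||
    { echo "Hue first login failed; do not expose the UI yet" >&2; exit 1; }
fi
```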


7 REPLIES 7

Master Guru

@Timothy,

 

I believe the feature you are seeking has been introduced to the codebase only in the last few months:

 

https://issues.cloudera.org/browse/HUE-7407

 

This fix is likely to make it into CDH 6.1 but I don't think there are plans to add it to 5.15.x.

Explorer

Thank you for your response. So what would be the best option to solve this issue? When we rehydrate our EMR the Superuser is no longer in the system. Currently I log in before anyone else logs in, to avoid giving access to people who shouldn't have access. Also, what do we need to do to get the 6.1 update when it is up?

Currently:

             user_filter=(|(memberof=CN=admingroup,OU=ouname,DC=stuff,DC=stuff1,DC=stuff2,DC=stuff3)(memberof=CN=nonadmingroup,OU=ouname,DC=stuff,DC=stuff1,DC=stuff2,DC=stuff3)),
             user_name_attr=cn

             NO FILTERS IN GROUP

This will only give access to people in those AD groups. I want the admingroup to get superuser access.

 

 

Master Guru

@Timothy,

 

I'm not sure what "rehydrate our EMR the Superuser is no longer in the system." means.  Are you deleting your Hue database users from Hue itself? 

 

The is_superuser flag is associated with your Hue user in the Hue database.  Once there is an LDAP-authenticated user that is a superuser, no other users will be able to become superuser without you granting that access explicitly.

 

If you want to clean out the Hue users from the Hue database and start over while protecting a random user from getting superuser access as the first user to log in, you could temporarily configure the search filter to only return your user.  Once you have logged into Hue, change the filter back to what you want and start over.

 

Please visit the Cloudera upgrade documentation to review what is required for upgrading when the time comes.  It is a big upgrade and can require some manual processes especially if you use Solr.

 

It will be available for download when it is released to the public.

 

 

Explorer

@bgooley

 

Regarding "Rehydrate our EMR the Superuser is no longer in the system":

We launch our EMR on AWS via a Cloud Formation Template (CFT). Hue is enabled on our EMR. We delete our CFT every two months or so, which tears down our EMR with HUE enabled, and rehydrate a new EMR with HUE enabled. Whatever user data we had in the old EMR is now deleted. This causes the problem where the first user who logs in becomes the superuser. We were wondering if we can add a filter like the user_filter, or another workaround, to avoid this situation.

 

avatar
Maybe off topic, but even with LDAP, how do you want to implement security (permissions on tables, databases)? I suspect your EMR is not using Kerberos, right?

Explorer

@Tomas79

 

When you say security, I am guessing you mean the logins. We are currently securing the authentication by limiting the users to only certain AD groups in the user_filter section in hue.ini.

The issue we are having is that the first user that logs in after the EMR is launched is being given superuser status. I want the superuser status to be given only to members of a certain admin AD group.
