Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

What AD groups are required planning to enable sentry authorization

What AD groups are required planning to enable sentry authorization

cplusplus1
Explorer

Created ‎06-23-2017 12:22 PM

We are now planning to enable sentry user authorization via Hue.

 

I am a bit confused an not sure, of this question.

 

What Ad groups are required with enabling sentry authorization.

 

I am trying to find of any document that gves those details on cloudera hadoop or google not finding.

 

I see a document on navigator where they mentioned of these below groups: are they really Ad groups? that needed to be created.

 

Here are the various groups, that are required: picked up from Cloudera Navigator document:
Auditor, Read-Only, Limited Operator, Operator, Configurator, Cluster Administrator ,BDR Administrator, Navigator Administrator, User Administrator, Key Administrator, Full Administrator

 

 

Thank you very much for the helpful info.

Reply
1,998 Views
0 Kudos
4 REPLIES 4

Re: What AD groups are required planning to enable sentry authorization

mbigelow
Champion

Created ‎06-24-2017 06:01 AM

Those are roles for Navigator. You would assign users and/or groups to those roles.

In Sentry, you create the roles,, grant privileges to a role, and attached a group to a role. Then the users in said group would have the access specified for that role.

Effectively you need at least one group but it can be any AD group by any name. You will likely need more than just one to delegate access and control.
Reply
1,981 Views
0 Kudos

Re: What AD groups are required planning to enable sentry authorization

cplusplus1
Explorer

Created ‎06-24-2017 07:24 AM

The groups which are to be created on cloudera navigator are not really
Network Active Directory groups of domain right?



Reply
1,979 Views
0 Kudos

Re: What AD groups are required planning to enable sentry authorization

mbigelow
Champion

Created ‎06-26-2017 03:14 AM

The roles you mentioned for Navigator; those do not need to be created as AD groups.
Reply
1,959 Views
0 Kudos

Re: What AD groups are required planning to enable sentry authorization

Dexter
New Contributor

Created ‎09-28-2018 07:35 AM

A new bee in this big data world ...need some help here !...Our corporate AD is being integrated with kerberized Hadoop cluster. Just wanted to validate if this is how the entire setup works.

 

1. I have my corporate AD Groups with their Uid and Groups attached

2. We define a cross realm trust between kerberos to Cop AD to enable Hadoop cluster to use corp AD groups

3. Create Role on Sentry and give priviledges on data objects

4. Attach the AD groups to the Sentry for atatching the users to privledges

Reply
1,127 Views
0 Kudos
Don't have an account?
Register
Coming from Hortonworks? Activate your account here