Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

What AD groups are required planning to enable sentry authorization

Labels:
cplusplus1
Explorer

Created on ‎06-23-2017 12:22 PM - edited ‎09-16-2022 04:48 AM

We are now planning to enable sentry user authorization via Hue.

 

I am a bit confused an not sure, of this question.

 

What Ad groups are required with enabling sentry authorization.

 

I am trying to find of any document that gves those details on cloudera hadoop or google not finding.

 

I see a document on navigator where they mentioned of these below groups: are they really Ad groups? that needed to be created.

 

Here are the various groups, that are required: picked up from Cloudera Navigator document:
Auditor, Read-Only, Limited Operator, Operator, Configurator, Cluster Administrator ,BDR Administrator, Navigator Administrator, User Administrator, Key Administrator, Full Administrator

 

 

Thank you very much for the helpful info.

2,758 Views
0 Kudos
4 REPLIES 4

mbigelow
Champion

Created ‎06-24-2017 06:01 AM

Those are roles for Navigator. You would assign users and/or groups to those roles.

In Sentry, you create the roles,, grant privileges to a role, and attached a group to a role. Then the users in said group would have the access specified for that role.

Effectively you need at least one group but it can be any AD group by any name. You will likely need more than just one to delegate access and control.
2,741 Views
0 Kudos

cplusplus1
Explorer

Created ‎06-24-2017 07:24 AM

The groups which are to be created on cloudera navigator are not really
Network Active Directory groups of domain right?



2,739 Views
0 Kudos

mbigelow
Champion

Created ‎06-26-2017 03:14 AM

The roles you mentioned for Navigator; those do not need to be created as AD groups.
2,719 Views
0 Kudos

Dexter
New Contributor

Created ‎09-28-2018 07:35 AM

A new bee in this big data world ...need some help here !...Our corporate AD is being integrated with kerberized Hadoop cluster. Just wanted to validate if this is how the entire setup works.

 

1. I have my corporate AD Groups with their Uid and Groups attached

2. We define a cross realm trust between kerberos to Cop AD to enable Hadoop cluster to use corp AD groups

3. Create Role on Sentry and give priviledges on data objects

4. Attach the AD groups to the Sentry for atatching the users to privledges

1,887 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Community Announcements
January 2023 Community Highlights
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector 2.6.30 for Impala is Released
What's New @ Cloudera
Cloudera Operational Database (COD) provides a CLI option to enable HBase region canaries
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an operational database using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring JWT authentication for your HBase clients
View More Announcements