04-09-2018
11:16 AM
@Bfos I think that I got into a similar situation a long time back... a top-level manager from a different team needed Hue access for a POC. He didn't know Linux; all he needed was Hue access to explore something. I'm not sure I can recollect everything that I did in that situation, but here are a few points which may help you.

1. When you create a new user in Hue, it will give an option to choose the role/group, so select the role with very limited access initially (if he/she needs additional access, you can edit and add an additional role upon request).

2. The problem that you have mentioned is "I can navigate up from the /user/{username} directory to the root folder in HDFS. From here I can navigate to a folder like /tmp (which needs 777 permissions) and from there tenants may be able to view data that may be in flight from another tenant."

The answer to your problem is:

a. Yes, the /tmp folder will have 777 permission, but any user under /tmp should not be 777; it should be drwx--x---, so one user cannot see data from another user even under /tmp. If you see any folder belonging to a different user with 777, I don't think it is the correct one.

b. Don't try to navigate up from your user ID (it may have admin access). As I've mentioned in point one, create a dummy user with limited access and try to navigate from that dummy user... finally, delete that dummy user.

Hope this may help you!!
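The check described in point 2a can be scripted. The following is an added example, not part of the original post: it reads an `hdfs dfs -ls` listing on stdin and reports every entry whose permissions grant anything to users outside the owner and group. The function names and the sample listing (tenant names included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a listing of /tmp for entries that other tenants can reach.
# Expected input is the column layout printed by `hdfs dfs -ls`:
#   permissions  replication  owner  group  size  date  time  path

find_world_accessible() {
    awk '
        # Skip the "Found N items" header and any line that is not an entry.
        length($1) < 10 || $1 !~ /^[d-][r-][w-]/ { next }
        {
            other = substr($1, 8, 3)          # permission triad for "other"
            if (other == "---") next          # e.g. drwx--x--- is not exposed
            path = $8                         # re-join paths containing spaces
            for (i = 9; i <= NF; i++) path = path " " $i
            printf "%s %s %s\n", $1, $3, path
        }
    '
}

# Constructed sample listing, so the function can be tried without a cluster.
sample_listing() {
    cat <<'EOF'
Found 3 items
drwx--x---   - tenant_a tenant_a          0 2018-04-09 10:41 /tmp/tenant_a
drwxrwxrwx   - tenant_b tenant_b          0 2018-04-09 10:52 /tmp/tenant_b
drwxr-xr-x   - hive     hadoop            0 2018-04-09 11:02 /tmp/hive
EOF
}

# On a cluster node, run as the limited dummy user from point 2b:
#   hdfs dfs -ls /tmp | find_world_accessible
```

Each line of output gives the mode, owner and path of an entry under /tmp that a different tenant could list or read.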