Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How to deny admin user/group from dropping hive tables from Hue?

avatar
author-rank Shivakuk
Explorer

Created ‎02-18-2024 11:08 PM

Hi community,

From Hue security browser, I have a RBAC role (admin), which was given all permission on all databases.
I have this Database A which consists of table1,2,3
I want to deny this admin role from dropping Database A -> Table1 and Table2.

Can you show me how this can be done on sentry?

Thanks!!

401 Views
2 ACCEPTED SOLUTIONS

avatar
author-rank jAnshula author-rank
Expert Contributor

Created ‎02-20-2024 09:20 AM

Hi @Shivakuk 

Please refer below doc, you can use the Revoke statements in sentry to restrict the access on a database

https://docs.cloudera.com/documentation/enterprise/6/latest/topics/sg_hive_sql.html#revoke_privilege...

 

Let us know if this helps

View solution in original post

363 Views
0 Kudos

avatar
author-rank jAnshula author-rank
Expert Contributor

Created ‎02-22-2024 02:53 AM

Hi  @Shivakuk  As I test Sentry does not support DROP and DELETE privilege.

However if you want to remove the DROP access from Admin user, then you have first remove ALL privileges and just provide  SELECT and INSERT privileges to the user

NOTE: The DELETE, UPDATE, and UPSERT operations require the ALL privilege on the DB/ Table/ Column.

View solution in original post

319 Views
3 REPLIES 3

avatar
author-rank jAnshula author-rank
Expert Contributor

Created ‎02-20-2024 09:20 AM

Hi @Shivakuk 

Please refer below doc, you can use the Revoke statements in sentry to restrict the access on a database

https://docs.cloudera.com/documentation/enterprise/6/latest/topics/sg_hive_sql.html#revoke_privilege...

 

Let us know if this helps

364 Views
0 Kudos

avatar
author-rank Shivakuk
Explorer

Created ‎02-20-2024 07:44 PM

The document from Cloudera does not specifically mention on how to revoke drop privilege.

Please advise.

349 Views
0 Kudos

avatar
author-rank jAnshula author-rank
Expert Contributor

Created ‎02-22-2024 02:53 AM

Hi  @Shivakuk  As I test Sentry does not support DROP and DELETE privilege.

However if you want to remove the DROP access from Admin user, then you have first remove ALL privileges and just provide  SELECT and INSERT privileges to the user

NOTE: The DELETE, UPDATE, and UPSERT operations require the ALL privilege on the DB/ Table/ Column.

320 Views
webinar banner
Announcements
Community Announcements
May 2024 Community Highlights
What's New @ Cloudera
Cloudera Operational Database (COD) supports instance group ...
What's New @ Cloudera
Cloudera Operational Database (COD) has updated the instanc...
What's New @ Cloudera
Cloudera Operational Database (COD) supports configuring roo...
What's New @ Cloudera
Cloudera Operational Database (COD) has updated the HDFS ins...
View More Announcements
meetups banner