Providing full administrative permissions to the users on a temporary basis

When users login to Cloudera Manager UI, there are only limited admins, which implies that they are restricted to perform several modifications like adding roles to hostgroups and pertinent operations. On a short term basis, it could be necessary for the users to fix a cluster or perform some immediate task(s) that can unblock performance related challenges. 

The users are provided access to perform short term operational tasks and improve the overall functioning of Cloudera Manager.
  1. SSH to the Cloudera Manager instance and switch to root user.
  2. Grab the DB access info from:
    /etc/cloudera-scm-server/db.properties
    
        1. You will need the following values:

    com.cloudera.cmf.db.host

    com.cloudera.cmf.db.name

    com.cloudera.cmf.db.user

    com.cloudera.cmf.db.password
    
        2. You can use the following command to export them to variables. Use PGPASSWORD to avoid password prompt:

    export DBHOST=$(grep "db.host" /etc/cloudera-scm-server/db.properties | cut -d'=' -f2);
 
    export DBNAME=$(grep "db.name" /etc/cloudera-scm-server/db.properties | cut -d'=' -f2);
 
    export DBUSER=$(grep "db.user" /etc/cloudera-scm-server/db.properties | cut -d'=' -f2);
 
    export PGPASSWORD=$(grep "db.password" /etc/cloudera-scm-server/db.properties | cut -d'=' -f2);
    
  3. Connect to the database:
    psql -d $DBNAME -h $DBHOST -U $DBUSER
  4. Adding user as admin:
    1. Get user ID (user must have logged on previously):


      select USER_ID,USER_NAME from USERS;

    2. Set admin role (replace <user's id> with the right one from the previous select):

      INSERT INTO user_auth_roles SELECT <user's id>, auth_role_id FROM auth_roles WHERE auth_roles.name='ROLE_ADMIN';

    3. Quit postgres

      Use CTRL+d or \q

  5. Restart Cloudera Manager.
    For the changes to take effect immediately, you might have to restart Cloudera Manager:
systemctl restart cloudera-scm-server.service
Be sure you have cleaned up cookies in your browser or use a new private window when trying to login using the new role.