User management in Hue
Hue is a gateway to CDP cluster services and both have completely separate permissions. Being a Hue superuser does not grant access to HDFS, Hive, and so on.
Users who log on to the Hue UI must have permission to use Hue and to each CDP service accessible within Hue.
A common configuration is for Hue users
to be authenticated with an LDAP server and
CDP users
with Kerberos. These users can differ. For example, CDP services do not
authenticate each user who logs on to Hue. Rather, they authenticate Hue
and trust that
Hue has authenticated its
users.
Once Hue is authenticated by a service such as Hive, Hue impersonates the user requesting use of that service. For example, to create a Hive table. The service uses Apache Ranger to ensure the group to which that user belongs is authorized for that action.
Hue user permissions are at the application level only. For example, a Hue superuser can filter Hue user access to a CDP service but cannot authorize the use of its features. Again, Ranger does that.