"Authorization Exception" error on submitting queries in Hue
If you have secured your cluster using Ranger, then you must grant the required
permissions to your users and groups from the Ranger web UI. If your users do not have
proper permissions, then they may not be able to access certain databases or tables from the
Hue editor.
If your users see the "Authorization Exception: User does not have privileges to
execute..." error on submitting queries from the Hue editor, then grant them the proper
permissions using the Ranger web UI.
Log into Cloudera Manager as an administrator.
Go to Clusters > Ranger service > Instances tab and note down the hostname corresponding to the Ranger
Usersync role type.
Open the Ranger web UI by clicking Ranger Admin Web
UI.
SSH into the Ranger Usersync host that you noted in step 2 and add the user or
the group as follows:
On the Ranger web UI, click Hadoop SQL listed under the
HADOOP SQL service.
The Hadoop SQL Policies page is displayed.
On the Hadoop SQL Policies page, you can grant the new
user access to all the databases or to specific databases by adding a new
policy.
To grant the permission on all databases:
Click the policy ID corresponding to "all - database, table,
column".
On the Edit Policy page, add the user whom you
want to grant the permission in the Select
User field under the Allow
Conditions section as shown in the following
image:
To grant permissions to a group, enter the group name in
the Select Group field.
Click Save.
To grant permission on specific database:
Click Add New Policy.
The Create
Policy page is displayed.
Under the Policy Details section, specify the
policy name and select the database, table, and column that you want
your user to access as shown in the following image:
Under the Allow Conditions section, enter the
username in the Select User field and click
Add Permissions and select the
permissions that your user must have.
To grant permissions to a
group, enter the group name in the Select
Group field.
Click Add.
Start the Hue service from Cloudera Manager.
The user or the group should be able to run any query on any
entities as defined in the policy.