Accessing ADLS Gen2 containers from Hue in CDW with RAZ

Hue offers you the capability to browse ADLS Gen2 containers, upload files to ADLS Gen2 containers, and create tables by importing files from ABFS. With Ranger Authorization (RAZ), you can grant fine-grained access to per-user home directories.

If you have enabled RAZ while registering your AWS environment with CDP, then Hue uses RAZ as the default mechanism for enabling the ABFS File Browser. Before you can enable the ABFS File Browser in Hue, you must complete the following prerequisites:
  1. Follow the instructions listed in Introduction to RAZ on Azure environments to register an Azure environment with the Enable Ranger authorization for ADLS Gen2 option enabled. You can use the CDP web interface or the CDP CLI to complete this task.
  2. Log in to the CDP Management Console as a DWAdmin or DWUser and go to the Cloudera Data Warehouse service.
  3. Click > Open Ranger on your Database Catalog.
  4. Create the following Ranger policies:
    1. Hadoop SQL policy (all - database, table, column, all - url).
      You must grant permissions to individual users or groups in these Ranger policies. To grant permissions to all users, you can specify {USER} in the Permission section.
    2. ABFS (cm_ADLS) policy (Default: User Home)
      You must grant permissions to the following users in the Permissions section for the user home directory: {USER}.
    3. ABFS (cm_ADLS) policy (Default: user)
      You must grant permissions to the following users in the Permissions section for the root directory (/user/): hive, impala.
  5. You must also grant appropriate permissions, for example EnvironmentUser, to the users in CDP User Management Service (UMS).
  6. Specify the storage account name in the Storage Account field and the directory path of the container and its sub-directories in the Storage Account Container field of the cm_ADLS Ranger policy.
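
The policy grants in step 4 can be verified offline against a Ranger policy export. The following is an added example, not Cloudera code: it assumes the export is a JSON list of policy objects with Ranger's `service`, `name`, `isEnabled` and `policyItems` fields, and the `cm_hive` service name and the sample grants are constructed for illustration.

```python
import json

# Constructed sample in the shape of a Ranger policy export (list of policy
# objects); the grants and the cm_hive service name are illustrative only.
SAMPLE_EXPORT = json.loads("""
[
 {"service": "cm_ADLS", "name": "Default: User Home", "isEnabled": true,
  "policyItems": [{"users": ["{USER}"], "groups": []}]},
 {"service": "cm_ADLS", "name": "Default: user", "isEnabled": true,
  "policyItems": [{"users": ["hive"], "groups": []}]},
 {"service": "cm_hive", "name": "all - database, table, column", "isEnabled": true,
  "policyItems": [{"users": [], "groups": ["analysts"]}]},
 {"service": "cm_hive", "name": "all - url", "isEnabled": false,
  "policyItems": [{"users": ["{USER}"], "groups": []}]}
]
""")

# Policy name -> users step 4 says must be granted (None = any user or group).
REQUIRED = {
    "Default: User Home": {"{USER}"},
    "Default: user": {"hive", "impala"},
    "all - database, table, column": None,
    "all - url": None,
}

def check_prerequisites(policies):
    """Return a sorted list of findings; an empty list means all checks pass."""
    findings = []
    # Assumes policy names are unique across the exported services.
    by_name = {p.get("name"): p for p in policies}
    for name, required_users in REQUIRED.items():
        policy = by_name.get(name)
        if policy is None:
            findings.append(f"{name}: policy missing")
            continue
        if not policy.get("isEnabled", True):
            findings.append(f"{name}: policy disabled")
        items = policy.get("policyItems", [])
        users = {u for i in items for u in i.get("users", [])}
        groups = {g for i in items for g in i.get("groups", [])}
        if required_users is None:
            if not users and not groups:
                findings.append(f"{name}: no user or group granted")
        else:
            for missing in sorted(required_users - users):
                findings.append(f"{name}: {missing} not granted")
    return sorted(findings)
```

On the constructed sample, the check reports that impala is missing from the Default: user policy and that the all - url policy is disabled.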