Hue offers you the capability to browse ADLS Gen2 containers, upload files to ADLS Gen2
containers, and create tables by importing files from ABFS. With Ranger Authorization (RAZ),
you can grant fine-grained access to per-user home directories.
If you have enabled RAZ while registering your AWS
environment with CDP, then Hue uses RAZ as the default mechanism for enabling the ABFS
File Browser. Before you can enable the ABFS File Browser in Hue, you must complete the
following prerequisites:
-
Follow the instructions listed in Introduction to RAZ on Azure
environments to register an Azure environment with the
Enable Ranger authorization for ADLS Gen2 option
enabled. You can use the CDP web interface or the CDP CLI to complete this
task.
-
Log in to the CDP Management Console as a DWAdmin or DWUser and go to the
Cloudera Data Warehouse service.
-
Click on your Database Catalog.
-
Create the following Ranger policies:
-
Hadoop SQL policy (
all - database,
table, column, all - url).
You must grant permissions to individual users or groups in these
Ranger policies. To grant permissions to all users, you can specify
{USER} in the
Permission section.
-
ABFS (cm_ADLS) policy (
Default: User
Home)
You must grant permissions to the following users in the
Permissions section for the user home
directory: {USER}.
-
ABFS (cm_ADLS) policy (
Default:
user)
You must grant permissions to the following users in the
Permissions section for the root directory
(/user/): hive,
impala.
-
You must also grant appropriate permissions to the users in CDP User Management
Service (UMS). For example, EnvironmentUser.
-
Specify the storage account name in the Storage Account
field and the directory path of the container and its sub-directories in the
Storage Account Container field of the
cm_ADLS Ranger policy.
> Open Ranger on your Database Catalog.
