Hue offers you the capability to browse S3 buckets, upload files to S3, and create
tables by importing files from S3. With Ranger Authorization (RAZ), you can grant
fine-grained access to per-user home directories.
If you have enabled RAZ while registering your AWS
environment with CDP, then Hue uses RAZ as the default mechanism for enabling the S3
File Browser. Before you can enable the S3 File Browser in Hue, you must complete the
following prerequisites:
-
Follow the instructions listed in Introduction to RAZ on AWS
environments to register an AWS environment with the
Enable Ranger authorization for AWS S3 option
enabled. You can use the CDP web interface or the CDP CLI to complete this
task.
-
Log in to the CDP Management Console as a DWAdmin or DWUser and go to the
Cloudera Data Warehouse service.
-
Click on your Database Catalog.
-
Create the following Ranger policies:
-
Hadoop SQL policy (
all - database,
table, column, all - url).
You must grant permissions to individual users or groups in these
Ranger policies. To grant permissions to all users, you can specify
{USER} in the
Permission section.
-
S3 (cm_S3) policy (
Default: User
Home)
You must grant permissions to the following users in the
Permissions section for the user home
directory (/user/{USER}):
{USER}.
Specify the bucket name in the S3 Bucket field
and the directory path in the Path field of the
cm_S3 Ranger policy.
-
S3 (cm_S3) policy (
Default:
user)
You must grant permissions to the following users in the
Permissions section for the root directory
(/user/): hive,
impala.
-
You must also grant appropriate permissions to the users in CDP User Management
Service (UMS). For example, EnvironmentUser.
> Open Ranger on your Database Catalog.
