Creating roles and granting permissions for Sentry
Hue is integrated with Sentry, so you can create roles and grant permissions for
Sentry in the Hue Web UI.
To enable system administrators to create roles and grant permissions for Sentry in
Hue, configure the following:
User/group membership defined in the OS with Hadoop User
Group Mapping.
User/group membership defined in Hue Manage
Users.
Superuser access configured in Hue Manage
Users.
Sentry Database privileges set to ALL (for select,
insert, create privileges).
Sentry URI privileges to all user directories in
HDFS.
Default ACL set for hive with r-w-x
permissions so that it can load files into hdfs at
/hive/warehouse.
ACL set for the same to ensure recursive attempts are
covered.
Log on to Hue as a user with Sentry Admin and Hue Superuser
privileges (in this demo, user1).
Go to
Security > HiveTables > Roles:
http://<your_hostname>:8889/hue/security/hive#@roles
Click Add, enter a role name
(sysadmin_role), and select a group from the
drop down (sysadmins).
Click the plus icon to begin assigning privileges.
Select the database radio button:
Enter a database name.
Select ALL for create database and table privileges.
Check the box, grant permissions to give others permission
on this database.
Select the URI radio button, and enter the path to which you
want hive to have access. For example:
hdfs://<your hostname>:8020/user/
Go to the tab, File ACLs, in the Security Browser. ACLs
(access-control lists) give read/write/execute permissions to the hive user so that it can
load files into the /hive/warehouse folder in HDFS.
Add a Default ACL:
For individual users:
Expand the /user directory and select
an individual user directory.
Click the plus icon under default ACL.
Give hive r-w-x- permissions and save. If hive is not in the
drop down, manually add it.
For system administrators, in a terminal window on the host, grant
read/write/execute permissions to the hive user on
/user:
