Assigning superuser status to an LDAP user

The Hue User Admin application provides two levels of privileges: users and superusers. The superusers have administrative privileges.

Users can change their name, email address, and password. They can log in to Hue and run Hue applications according to their group permissions.

Superusers can perform administrative functions such as:
  • Add and delete users and groups
  • Import and sync users and groups from an LDAP server
  • Assign group permissions
  • Promote users to superusers and vice versa.

Hue superusers have no special privileges to the underlying CDP cluster services. Ranger is used to add those privileges.

In a secure cluster with LDAP deployed, there are three ways to assign superuser status to a user:
  • With desktop.auth.backend.AllowAllBackend set for the Authentication Backend property in Cloudera Manager temporarily enabled, assign superuser status and synchronize one user to the LDAP server.
  • With desktop.auth.backend.LdapBackend set for the Authentication Backend property in Cloudera Manager, run a Hue shell command to apply superuser status.
  • Enable multiple backends so that the first user to log on still works when integrated with LDAP.