您的位置: 首页  >  文章  >  HUE的security browser显示There are currently no roles defined

HUE的security browser显示There are currently no roles defined

分类: 文章 2024-07-10 23:00:28

欢迎关注微信公众号九万里大数据。

如图,Roles页面显示There are currently no roles defined

HUE的security browser显示There are currently no roles defined

 

但是在Browser选项页是有roles的

HUE的security browser显示There are currently no roles defined

 

从后台HTTP请求来看,list_sentry_privileges_by_authorizable接口是有数据

HUE的security browser显示There are currently no roles defined

欢迎关注微信公众号九万里大数据。

而list_sentry_roles_by_group接口没有数据

HUE的security browser显示There are currently no roles defined

 

 

解决办法是将当前用户拉入sentry的admin组,比如hive组,sysadmins组等都可以。

HUE的security browser显示There are currently no roles defined

 

再次打开security browser的Roles选项页,已经出现了正确的roles,后台HTTP接口list_sentry_roles_by_group也有了正确的数据。

HUE的security browser显示There are currently no roles defined

 

欢迎关注微信公众号九万里大数据。总结,只要用户在sentry.service.admin.group里的都可以正常访问Roles页面。

HUE的security browser显示There are currently no roles defined

 

源码分析

https://github.com/cloudera/hue/blob/cdh6.0.1-release/apps/security/src/security/api/hive.py

HUE的security browser显示There are currently no roles defined

 

 

HUE的security browser显示There are currently no roles defined

 

欢迎关注微信公众号九万里大数据。后台HTTP接口传入的groupName默认是空的,所以进入else语句,去判断用户所在HUE数据库中的组(request.user.groups)是不是也在sentry的admin组里,如果存在的话,就返回*

 

https://github.com/cloudera/hue/blob/cdh6.0.1-release/desktop/libs/libsentry/src/libsentry/sentry_site.py

get_sentry_server_admin_groups这个函数实质上是去读取sentry-site.xml里面的sentry.service.admin.group值

HUE的security browser显示There are currently no roles defined

 

https://github.com/cloudera/hue/blob/cdh6.0.1-release/desktop/libs/libsentry/src/libsentry/api.py

 

list_sentry_roles_by_group这个函数就很普通,根据传入groupName进行role-group的字典拼装

HUE的security browser显示There are currently no roles defined

欢迎关注微信公众号九万里大数据。

HUE的security browser显示There are currently no roles defined

相关推荐