User and Group management

Owned by Stéphanie Brion (Unlicensed)
Last updated: Jun 05, 2018
3 min read

From 1.18.20180527131007-326.2, see also Saagie Data Fabric 2.0 beta



User and group management is unified for Data Fabric, Hue, HDFS, Hive et Impala in all your platforms. 

For the time being WebHDFS and HTTPFS are excluded and will be added upon the arrival of Kerberos. Datamarts are also excluded.

User and group management is accessible from the arrow in the top right corner of the manager :

Manage groups

Click on "Manage groups" to view, create and edit groups :

Adding a group creates a group in the LDAP used by Hadoop. Then you can configure data access with Sentry, see here.

Three groups are automatically created and cannot be deleted :

  • hadoop_acl_admin : administrate ACL with Sentry
  • hadoop_admin : superuser hdfs to create a folder on hdfs root and set ACL on this folder
  • saagie : used for Saagie team support

A group cannot have the same name given as a user.

Click on a group to delete the group or add users.

Manage users

Click on "Manage users" to view, create and edit users :

A user has only one role and a list of platforms on which this role is activated. The roles only apply to the Data Fabric. Hadoop or other services are affected by the role of the user. For the Hadoop stack, the user access management is performed through the native HFDS permissions and Sentry, if installed.

Three roles are available :

  • READER : a user who owns the READER role has the right to view jobs and pipelines but without the capacity to create, edit, execute, stop, or delete them. There is no access to environment variables.
  • USER : a user who owns the USER role has the same rights as the READER role, but with the possibility to manipulate jobs and pipelines, promote job if there are multiple platforms and tag a major version of job. He can also work with environment variables.
  • ADMIN : a user who owns the ADMIN role has the same rights as the USER role, but can also administer users. An ADMIN user has these rights on all available platforms.

Multiple users are automatically created and cannot be deleted, they are essential to the proper operation of the associated services :

  • hdfs 
  • httpfs 
  • hue 
  • impala 
  • mapred 
  • oozie
  • sentry 
  • yarn 


Click on a user to edit or delete user rights :

Reset password

Each user can reset password from Reset password menu.