O'Reilly logo
  • Anant Aneja thinks this is interesting:

Each Hue application defines one or more actions that users can perform. Authorization is controlled by setting an ACL per action that lists the groups that can perform that action. Every application has an action called “Launch this application” which controls which users can run that application. Several applications define additional actions that can be controlled.


The permissions granted in Hue only grant privileges to invoke the given action from the given Hue app. The user performing an action will still need to be authorized by the service they’re accessing. For example, a user might have permissions for the “Allow DDL operations” in the Metastore app, but if...


Cover of Hadoop Security


How Hue actions relate to 'groups'