creating a user for a restricted group with the shell

[Ranil De Silva]

I am trying to create a user with restricted access to just a single application - spark using the shell.

I found instructions to create a new user as follows

from django.contrib.auth.models import User

newuser = User.objects.create(id=6, username='bob', password='bob')

newuser.set_password('bob')

newuser.save()

This creates me a user but I would like to also create a new Group which includes

the new user 'bob' and just the permission 'spark.access'. Are there any examples on how to do this?

Thanks in advance

Ranil

This email is confidential and intended solely for the person(s) to whom it is addressed.

[Jenny Kim]

Ranil,

You can create a new group from the User Admin app, at path: /useradmin/users or in the submenu at the top when you click your username, called "Manage Users".

In the User Admin app you can manage groups thru the Groups tab, and click "Add Group".  There you can select the spark.access for the new group.

Jenny

[Ranil De Silva]

Hi Jenny,

Thanks for your reply. I am aware of how to create groups through the admin application but I need a way of doing it through either the configuration or a script as I need to automatically deploy hue in a new environment configured with certain users with restricted permissions.

I have a way of creating users with the script above (which I run with hue shell) but I haven't found any examples of how to create/manage permission for a user. 

Kind regards

Ranil

--

Ranil De Silva
Senior Software Engineer

Industrie IT Pty Ltd | ABN 64 125 306 658

Level 5, 50 Carrington St. Sydney NSW 2000
+61 2 8197 2545 | +61 424 265254 | Ranil....@industrieit.com

      

[Jenny Kim]

I see, we don't provide a management command that will create a new group from the shell, but it looks like you're creating users directly using Django's User model.

If you take a look at the useradmin app you can refer to the forms.views edit_form() method and forms.GroupEditForm to see how groups are created.

We use the Django auth Group model and add the corresponding Users and HuePermission as associated members and permissions.

That said, because you'd be manually creating these objects outside of the app, just note that you may face issues with any future changes to the useradmin app. 

[Ranil De Silva]

Thanks Jenny - I was hoping that there was a nice CLI to do this but I will work on manually creating this through the user models.. Is it possible to add a feature request to add support to create users, groups, permissions through management commands in the future as the useradmin application does not work when automatically deploying the application?

[Jenny Kim]

I added the feature request to our JIRA board, which you can track here: https://issues.cloudera.org/browse/HUE-2950

[Romain Rigaux]

Feel free to post your code here (and even better send a pull request ;)

To unsubscribe from this group and stop receiving emails from it, send an email to hue-user+u...@cloudera.org.

[Ranil De Silva]

Hi Jenny, Romain,

Thanks for the responses. At the moment, I got this working with the database script below  (run using hue dbscript) :

insert into auth_group values (

  (select max(id) + 1 from auth_group), 'basic');

insert into useradmin_grouppermission values (

  (select id from useradmin_huepermission where action = 'access' and app = 'rdbms'),

  (select id from auth_group where name = 'basic'),

  (select max(id) + 1 from useradmin_grouppermission));

insert into useradmin_grouppermission values (

  (select id from useradmin_huepermission where action = 'access' and app = 'spark'),

  (select id from auth_group where name = 'basic'),

  (select max(id) + 1 from useradmin_grouppermission));

insert into auth_user_groups values (

  (select max(id) + 1 from auth_user_groups),

  (select id from auth_user where username = 'bob'),

  (select id from auth_group where name = 'basic'));

Not ideal but If I come up with a better solution will post it here or send a pull request :).

Kind regards

Ranil

[Mobin Ranjbar]

I recently have created a user with python and php. You can check this is out: https://github.com/farafekr/hue-php

[Ranil De Silva]

Thanks Mobin, but may be I am missing something but I don't see your script creating a new permissions group which is what I need in this case. From looking at the script everyone inherits the default permissions group? 

Kind regards

Ranil

[Mobin Ranjbar]

Yes. My script will add a user to the default group. But you can see them and figure out how it works. You have to create a group, get the group and the permission you want to add, add the permission to the group and then get the group name and add a user to that restricted group. See bellow:

from django.contrib.auth.models import Group
from useradmin.models import HuePermission, GroupPermission, group_has_permission

newgroup = Group.objects.create(name=groupname)

group, created = Group.objects.get_or_create(name='write_access_frontend')
perm, created = HuePermission.objects.get_or_create(app='metastore', action='write')
GroupPermission.objects.get_or_create(group=group, hue_permission=perm)

g = Group.objects.get(name='groupname')
g.user_set.add(your_user)

Best,

[Ranil De Silva]

Thanks Mobin! Much appreciated!