Arcadia Enterprise enables you to delegate LDAP sign-in authentication
based on group assignment.
By default, Arcadia Enterprise proxy configuration delegates to all users.
You can also configure a proxy user to delegate to one or more users. However, if your
environment requires a proxy user to delegate to multiple users, it may be cumbersome to
specify each user one by one. This feature allows the proxy user to delegate authority
to a group of users.
This feature is available only on Arcadia Engine connections, and only when
Impersonation is selected under the Advanced tab in the Create New Data
Connection dialog box. See Arcadia Connections.
1. Log into Cloudera Manager and click Clusters in the top navigation menu.
2. Under Arcadia Enterprise, click Configuration in the top menu bar.
3. On the Configuration page, under Filters > Scope, click Arcadia Analytics
   Engine.
4. In the main area of the interface, in the search box, enter the text
   proxy and start the search.
5. In the Proxy Group Configuration field, enter the username of the proxy
   user and the group to which that user is allowed to delegate. In our
   example, we entered arcadia=Group1, where the proxy user is arcadia and
   the group to which this proxy user delegates is Group1.
   You can also specify a list of groups, separated by a delimiter. The
   default delimiter is a comma, which can be changed with the
   authorized_proxy_user_config_delimiter command.
6. In the Proxy User Configuration field, delete the default value
   arcadia=*, because it allows a superuser to delegate to all users. When
   you are configuring a proxy group, either leave this field blank, or
   specify a single user or multiple users, separated by a delimiter. Do not
   specify all users. In our example, we entered arcadia=admin.
7. Click Save Changes to save the configuration.
8. To restart Arcadia Enterprise service and apply configuration changes,
   click the orange icon in the Arcadia Enterprise menu bar.
9. In the Restart Stale Services interface, click Restart Now to restart
   Arcadia Enterprise service.
After Arcadia Enterprise service successfully restarts, your proxy
group configuration is complete.
Example of Proxy Group Configuration on ArcViz
With the proxy group configured in Cloudera, this example demonstrates the
access behavior of one of the users in Group1. In our example, one of our
Group1 users is ldapuser1.
1. Log into ArcViz with Username=ldapuser1 and Password=arcadia.
   To set up authentication for the delegated user in the group, configure
   username and password through LDAP.
2. On the main navigation bar, click Data.
3. In the main area, click the Connection Explorer tab.
4. Select the default database.
5. Select the cabrides dataset from the abbreviated list of datasets.
   A table with sample data appears under the Sample Data tab at the bottom
   of the screen. The proxy user arcadia is allowed to delegate to
   ldapuser1, therefore the user is able to access Arcadia services.
Now let's delete the proxy user and the delegated group, arcadia=Group1,
from the Proxy Group Configuration field in the Cloudera interface. As
ldapuser1 is part of Group1, after deleting the setting, this user should
not be able to access Arcadia services.
Log out of the Arcadia account.
Log in as ldapuser1 again, and repeat steps 1 - 5.
An error message appears: User 'arcadia....is not authorized to
delegate to 'ldapuser1'.
The proxy user arcadia is not allowed to delegate to ldapuser1, therefore
the user is unable to access Arcadia services.
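The delegation decision that the Proxy User Configuration and Proxy Group Configuration fields express can be modelled as below. This is an added illustration, not Arcadia Enterprise code: the function names and the group-membership table are hypothetical, and each field is assumed to hold a single proxy=delegates entry.

```python
# Added illustration: models the Proxy User / Proxy Group fields described above.
# Not Arcadia Enterprise code; function names and the group table are hypothetical.
# Assumption: each field holds one "proxy=delegate1<delimiter>delegate2" entry.

def parse_entry(value, delimiter=","):
    """Parse one 'proxy=a,b' entry into (proxy, set of delegates)."""
    value = value.strip()
    if not value:
        return None, set()              # a blank field grants nothing
    proxy, sep, targets = value.partition("=")
    if not sep or not proxy.strip():
        raise ValueError(f"malformed entry: {value!r}")
    return proxy.strip(), {t.strip() for t in targets.split(delimiter) if t.strip()}

def allows_all_users(user_field, delimiter=","):
    """True if the Proxy User field still carries a wildcard such as arcadia=*."""
    _, users = parse_entry(user_field, delimiter)
    return "*" in users

def may_delegate(proxy, end_user, user_field, group_field, groups_of, delimiter=","):
    """True if proxy may act for end_user, by user listing or group membership."""
    u_proxy, users = parse_entry(user_field, delimiter)
    g_proxy, groups = parse_entry(group_field, delimiter)
    if u_proxy == proxy and ("*" in users or end_user in users):
        return True
    member_of = groups_of.get(end_user, set())
    return g_proxy == proxy and bool(groups & member_of)

# Constructed LDAP group membership for the users named in the example.
GROUPS_OF = {"ldapuser1": {"Group1"}, "admin": set()}

if __name__ == "__main__":
    # The default value is flagged; the value used in the example is not.
    print(allows_all_users("arcadia=*"), allows_all_users("arcadia=admin"))
    # With arcadia=Group1 in place, ldapuser1 is reachable through the group.
    print(may_delegate("arcadia", "ldapuser1", "arcadia=admin", "arcadia=Group1", GROUPS_OF))
    # After the group entry is deleted, the same request is refused.
    print(may_delegate("arcadia", "ldapuser1", "arcadia=admin", "", GROUPS_OF))
```

Running the same check against the saved field values before restarting the service confirms that no wildcard remains and that only the intended group members are reachable.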