Managing required permissions to access Data Steward Studio

Make sure your provide the DSS user the required permissions for Ambari, Knox, Atlas, and Ranger.

In addition to the DSS user with the Data Steward role, a DP Profiler user (dpprofiler) is created internally during the installation of Data Steward Studio for managing and running profiler jobs.

Permissions for the DP Profiler User

Make sure all the required permissions are granted within all the components.

The dpprofiler user should have the following permissions.

Hive - The dpprofiler user must have access to read and list tables from the Hive metastore.
Atlas
- HDP 2.6.5 - The dpprofiler user must have read and write access to types, entities, and terms in Atlas.
- HDP 3.x version - The dpprofiler user must have read and write access to types, entities, categories, and classifications in Atlas.
YARN - The dpprofiler user must have access to run jobs in YARN against a configured queue. This includes queues used by each profiler (that can be configured through the Profiler configuration page) and queues used by Livy read and write sessions (that can be configured through Ambari). If you are using the default installation, make sure that these permissions are granted to the default queue.
Ranger - The user needs to be a Ranger admin user to be able to access all the Ranger policies.

Permissions for the DSS User

The DSS user should have the following permissions.

Ambari - The DSS user should be an Ambari user assigned a Cluster Operator role.
Atlas - The DSS user must have read access to types, entities, and classifications.
Ranger - To view a policy using DSS, the user must be a Ranger admin or a delegated admin with access to the Ranger policy.