When I logged to Hue with a non-superuser, the main menus such as Query Editor, File Browser are all hidden. The View Profile action returned permission denied.
But in my another setup of Hue, a non-superuser can see all munu items and has priviledge to do the View Profile action.
I checked the log of Hue, there are records in runcpserver.log:
[29/Feb/2016 18:45:11 +0800] access INFO 172.18.27.32 dengzhaoqun - "GET /useradmin/users/edit/dengzhaoqun HTTP/1.1" -- permission denied
I then logged with a superuser and found that the group default is No permissions found at Manage Users > Group, which has a permission list in another setup. I checked the configure, but it’s OK. Finally I found it’s bacause of the useradmin_huepermission and useradmin_grouppermission tables in MySQL are empty, it must has something been wrong when migrating to MySQL.
So I recovered the values of useradmin_huepermission:
mysql > INSERT INTO `useradmin_huepermission` VALUES ('access','indexer',28,'Launch this application'),('access','about',29,'Launch this application'),('access','beeswax',30,'Launch this application'),('access','filebrowser',31,'Launch this application'),('write','hbase',32,'Allow writing in the HBase app.'),('access','hbase',33,'Launch this application'),('access','help',34,'Launch this application'),('access','jobbrowser',35,'Launch this application'),('access','jobsub',36,'Launch this application'),('write','metastore',37,'Allow DDL operations. Need the app access too.'),('access','metastore',38,'Launch this application'),('dashboard_jobs_access','oozie',39,'Oozie Dashboard read-only user for all jobs'),('access','oozie',40,'Launch this application'),('access','proxy',41,'Launch this application'),('access','rdbms',42,'Launch this application'),('access','search',43,'Launch this application'),('access_view:useradmin:edit_user','useradmin',44,'Access to profile page on User Admin'),('access','useradmin',45,'Launch this application'),('access','zookeeper',46,'Launch this application');
The values of useradmin_grouppermission can be updated by choice. After doing these, a non-superuser is able to do the normal action.