Reply
rkh
New Contributor
Posts: 1
Registered: ‎11-06-2018

Invalidate metadata with Sentry and AD

Hi guys,

 

We are currently expressing an issue when executing invalidate metadata via impala-shell and next exception is raised:

 

User 'impala' does not have privileges to execute: LIST_ROLES
at org.apache.impala.util.SentryPolicyService.listAllRoles(SentryPolicyService.java:395)
at org.apache.impala.util.SentryProxy$PolicyReader.run(SentryProxy.java:124)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

 

impala with Sentry and authentication using AD server.

 

Maybe someone faced the same issue as well

Highlighted
Cloudera Employee
Posts: 441
Registered: ‎03-23-2015

Re: Invalidate metadata with Sentry and AD

Is "impala" user being registered as sentry admin user?

Go to CM > Sentry > Configuration > Admin Groups to see if "impala" is on the list.
Announcements