https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/59177#M14447 <P>Using cloudera manager goto Sentry-&gt;Configurations</P><P>Add users/groups to following property to allow them create/show roles. Smaller fonts are property name in the configuration file while regular fonts are display name of the property in the CM.</P><DIV class="param-spec-property"><DIV class="header-column"><DIV class="display-name">&nbsp;</DIV><DIV class="display-name">Admin Groups</DIV><DIV class="property-name"><FONT size="2">sentry.service.admin.group</FONT></DIV><DIV class="property-name">&nbsp;</DIV><DIV class="property-name"><DIV class="param-spec-property"><DIV class="header-column"><DIV class="display-name">Allowed Connecting Users</DIV><DIV class="property-name"><FONT size="2">sentry.service.allow.connect</FONT></DIV></DIV></DIV></DIV><DIV class="property-name">&nbsp;</DIV></DIV></DIV> Thu, 24 Aug 2017 16:36:55 GMT sunilosunil 2017-08-24T16:36:55Z https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58721#M14443 <P>Even though user has ALL priviledges with grant option set to true, can not create /show roles.</P><P><STRONG>How to create a role/ assign priviledge to create/show roles to a user/group ?</STRONG></P><P>&nbsp;</P><P>My set up CDH 5.12. Impala with Sentry (service) enabled.</P><PRE>[myserver.com:21000] &gt; version; Shell version: Impala Shell v2.9.0-cdh5.12.0 (03c6ddb) built on Thu Jun 29 04:17:31 PDT 2017 Server version: impalad version 2.9.0-cdh5.12.0 RELEASE (build 03c6ddbdcec39238be4f5b14a300d5c4f576097e)</PRE><P>&nbsp;</P><P>Roles and users set up</P><PRE>[myserver.com:21000] &gt; show grant role admin; Query: show grant role admin +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ | scope | database | table | column | uri | privilege | grant_option | create_time | +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ | SERVER | | | | | ALL | true | Fri, Aug 11 2017 05:55:28.694 | +--------+----------+-------+--------+-----+-----------+--------------+-------------------------------+ Fetched 1 row(s) in 0.01s<BR /><BR />[myserver.com:21000] &gt; show current roles;<BR />Query: show current roles<BR />+--------------+<BR />| role_name&nbsp;&nbsp;&nbsp; |<BR />+--------------+<BR />| admin&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |<BR />+--------------+<BR />Fetched 1 row(s) in 0.01s</PRE><P>&nbsp;</P><P>&nbsp;<FONT color="#993300"><STRONG>Exception when user tries to run show roles or create roles.<BR /></STRONG></FONT></P><PRE>[myserver.com:21000] &gt;show roles; Query: show roles <FONT color="#993300">ERROR: <STRONG>AuthorizationException</STRONG>: User 'sunil' does not have privileges to access the requested policy metadata or Sentry Service is unavailable.</FONT></PRE> Fri, 16 Sep 2022 12:04:49 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58721#M14443 sunilosunil 2022-09-16T12:04:49Z https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58786#M14444 <P>We're blocked here. Is there a way to make any other users besides Impala, Hive role admin ? i.e. grant access to&nbsp; show and create roles ?</P> Sat, 12 Aug 2017 06:13:25 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58786#M14444 sunilosunil 2017-08-12T06:13:25Z https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58795#M14445 <P>1 . Check the policy file&nbsp;</P><P>2 . Check if the user "sunil " is in Impala group .</P><P>if nothing helps&nbsp;</P><P>&nbsp;to dig more use the safety valve to enable log4j root logger&nbsp;</P><P>and share the logs if you can&nbsp;</P><P>&nbsp;</P><PRE>log4j.logger.org.apache.sentry=DEBUG</PRE><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 12 Aug 2017 12:20:31 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58795#M14445 csguna 2017-08-12T12:20:31Z https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58994#M14446 <P>I'm using Sentry service using Cloudera manager. I just realized that I can other users / groups to sentry config in cloudera manager and allow them to run Grant / Create role commands.</P> Fri, 18 Aug 2017 07:31:07 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/58994#M14446 sunilosunil 2017-08-18T07:31:07Z https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/59177#M14447 <P>Using cloudera manager goto Sentry-&gt;Configurations</P><P>Add users/groups to following property to allow them create/show roles. Smaller fonts are property name in the configuration file while regular fonts are display name of the property in the CM.</P><DIV class="param-spec-property"><DIV class="header-column"><DIV class="display-name">&nbsp;</DIV><DIV class="display-name">Admin Groups</DIV><DIV class="property-name"><FONT size="2">sentry.service.admin.group</FONT></DIV><DIV class="property-name">&nbsp;</DIV><DIV class="property-name"><DIV class="param-spec-property"><DIV class="header-column"><DIV class="display-name">Allowed Connecting Users</DIV><DIV class="property-name"><FONT size="2">sentry.service.allow.connect</FONT></DIV></DIV></DIV></DIV><DIV class="property-name">&nbsp;</DIV></DIV></DIV> Thu, 24 Aug 2017 16:36:55 GMT https://community.cloudera.com/t5/Support-Questions/How-to-create-a-role-admin-user-priviledge/m-p/59177#M14447 sunilosunil 2017-08-24T16:36:55Z