03-04-2015 10:59 AM
I am unable to get my sentry authorization roles to work. I had them setup in the past and everything was working fine, about a week ago or so the sentry roles became intermittent and as of now are not being recognized. The authorization is being processed through ldap groups and not the local machine.
I am able to create new roles and grant privileges to these new roles and then grant these roles to a user group. After checking to confirm that the new role has been granted to the group the privileges granted appear to not work.
Looking at the logs this is the error I am receiving:
org.apache.sentry.provider.common.HadoopGroupMappingService Unable to obtain groups for hive java.io.IOException: No groups found for user hive
User hive exists on the local machine but also is a test user that was created in active directory. Roles were granted both to the AD group that user hive belongs too and group hive on the local machine. Neither appear to be working though, even though the "show current roles" reflects the roles granted to group "hive". What is strange is that originally roles were only granted to the active directory group that user "hive" belongs too and everything was working fine.
Any suggestions would be appreciated. It just does not make any sense that authorization had become intermittent and then just stopped working.