New Contributor
Posts: 1
Registered: ‎11-06-2018

Invalidate metadata with Sentry and AD

Hi guys,


We are currently expressing an issue when executing invalidate metadata via impala-shell and next exception is raised:


User 'impala' does not have privileges to execute: LIST_ROLES
at org.apache.impala.util.SentryPolicyService.listAllRoles(
at org.apache.impala.util.SentryProxy$
at java.util.concurrent.Executors$
at java.util.concurrent.FutureTask.runAndReset(
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(
at java.util.concurrent.ScheduledThreadPoolExecutor$
at java.util.concurrent.ThreadPoolExecutor.runWorker(
at java.util.concurrent.ThreadPoolExecutor$


impala with Sentry and authentication using AD server.


Maybe someone faced the same issue as well

Cloudera Employee
Posts: 832
Registered: ‎03-23-2015

Re: Invalidate metadata with Sentry and AD

Is "impala" user being registered as sentry admin user?

Go to CM > Sentry > Configuration > Admin Groups to see if "impala" is on the list.