Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Authorization errors in Impala

avatar
Expert Contributor

Hello,

 

We have a strange issue here.

 

We are on CDH 6.3.0 and have sentry in place for authorizations. A user is trying to execute queries from Hue on Impala Editor and fails with Authorization errors. However, same query works fine via Hive and also via Impala shell. It fails only from Hue editor.

 

We have:

1. Refreshed metadata

2. Invalidated metadata

3. Verified permissions are in place in Sentry

4. There are no logs generated (I checked in Hue, Sentry Server and Catalog server). Please suggest if any other place should also be checked.

 

Example query:

select * from DB.table limit 5;

 

Kindly help to diagnose and resolve this issue.

 

Thanks

Snm1523

1 ACCEPTED SOLUTION

avatar
Super Collaborator

Hi,

 

1. What is the exact exception from Hue? Is this issue with all users or only specific users?

2. what is the sentry role you mapped to the database? can you check its privileges from below command. 

   ## SHOW GRANT ROLE <role-name> on database <database-name>;

3. check the group that user is belongs to:

    ## id <username>

4. check if the group is mapped to the sentry role, if not try to map the sentry role to group a user belong to and check the db access.

   ## GRANT ROLE <role_name> TO GROUP <groupName>;

 

View solution in original post

1 REPLY 1

avatar
Super Collaborator

Hi,

 

1. What is the exact exception from Hue? Is this issue with all users or only specific users?

2. what is the sentry role you mapped to the database? can you check its privileges from below command. 

   ## SHOW GRANT ROLE <role-name> on database <database-name>;

3. check the group that user is belongs to:

    ## id <username>

4. check if the group is mapped to the sentry role, if not try to map the sentry role to group a user belong to and check the db access.

   ## GRANT ROLE <role_name> TO GROUP <groupName>;