Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Authorization errors in Impala

avatar
author-rank snm1523
Expert Contributor

Created ‎02-08-2021 07:15 AM

Hello,

 

We have a strange issue here.

 

We are on CDH 6.3.0 and have sentry in place for authorizations. A user is trying to execute queries from Hue on Impala Editor and fails with Authorization errors. However, same query works fine via Hive and also via Impala shell. It fails only from Hue editor.

 

We have:

1. Refreshed metadata

2. Invalidated metadata

3. Verified permissions are in place in Sentry

4. There are no logs generated (I checked in Hue, Sentry Server and Catalog server). Please suggest if any other place should also be checked.

 

Example query:

select * from DB.table limit 5;

 

Kindly help to diagnose and resolve this issue.

 

Thanks

Snm1523

2,311 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank ChethanYM author-rank
Master Collaborator

Created ‎05-15-2021 10:38 PM

Hi,

 

1. What is the exact exception from Hue? Is this issue with all users or only specific users?

2. what is the sentry role you mapped to the database? can you check its privileges from below command. 

   ## SHOW GRANT ROLE <role-name> on database <database-name>;

3. check the group that user is belongs to:

    ## id <username>

4. check if the group is mapped to the sentry role, if not try to map the sentry role to group a user belong to and check the db access.

   ## GRANT ROLE <role_name> TO GROUP <groupName>;

 

View solution in original post

2,225 Views
0 Kudos
0
1 REPLY 1

avatar
author-rank ChethanYM author-rank
Master Collaborator

Created ‎05-15-2021 10:38 PM

Hi,

 

1. What is the exact exception from Hue? Is this issue with all users or only specific users?

2. what is the sentry role you mapped to the database? can you check its privileges from below command. 

   ## SHOW GRANT ROLE <role-name> on database <database-name>;

3. check the group that user is belongs to:

    ## id <username>

4. check if the group is mapped to the sentry role, if not try to map the sentry role to group a user belong to and check the db access.

   ## GRANT ROLE <role_name> TO GROUP <groupName>;

 

2,226 Views
0 Kudos
0
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements