Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Command line utility for setry service Validation in a cluster

Highlighted

Command line utility for setry service Validation in a cluster

Rising Star

Hi, Is there any specific commands / procedure to test the Sentry's functionality apart from Cloudera manager. My aim is to ensure the functionality of service from command line. Thanks, Sathish(Satz)

Thanks,
Sathish (Satz)
3 REPLIES 3

Re: Command line utility for setry service Validation in a cluster

Contributor

Sathish,

 

You can connect to Hive using the beeline CLI and run any GRANT commands. Ensure you connect with a user that belongs to one of the groups listed in sentry.service.admin.group (hive, impala and hue, by default)

If Sentry is not running or has problems you should see some errors, like the one below:

 

Error: Error while compiling statement: FAILED: InvocationTargetException null (state=42000,code=40000)

 

If the command completes successfully Sentry should be running fine.

 

Regards,

Andre

 

Re: Command line utility for setry service Validation in a cluster

Rising Star

Thank you Very much !

Thanks,
Sathish (Satz)

Re: Command line utility for setry service Validation in a cluster

Explorer

Hi araujo

 

Thank you so much for your help..

I am able to Create/Grant/Revoke role now...

 

I would be thankfull if you can do a last help .

I logged in as Hive and granted permission to access table to an user but when logged with that user so those tables are not appearing to that user..

 

Please refer below scenario :-

 

> Logged on the machine from impadmin user

> Added user "impadmin" in "hadoop" group.

> Went to beeline client and passed below connection string

!connect jdbc:hive2://hadoopslave0.company.co.in:10000/default

 

Pass username = hive and password = *******

This hive user is a LDAP user

SET ROLE Manager;

> Created a new role named "developer" by using below command

CREATE ROLE developer;

 

> After that Granted this role to group hadoop

GRANT ROLE developer TO GROUP hadoop

 

> Created two tables named newtable_1 and newtable_2 in default DB and created one table named newtable_3 in a newly added DB kyvostestingdb

 

> GRANT SELECT ON DATABASE default TO ROLE developer;

 

As we have granted ROLE developer with SELECT privilege on DATABASE “default”, so all the groups belonging to this ROLE should have rights to VIEW tables inside this DB and can Query from tables.

 

> Now exit from beeline client

> Went to beeline client and passed below connection string

!connect jdbc:hive2://hadoopslave0.company.co.in:10000/default

username :- impadmin

password :- ******

 

> SET ROLE developer;

 

> After that execute command SHOW TABLES;

No results are coming after execution of this command. This user belongs to ROLE developer so all tables inside default DB should be appear..

Do u think i have done any thing wrong..?

I would be thankfull if u can do this last help

Don't have an account?
Coming from Hortonworks? Activate your account here