Support Questions
- Cloudera Community
- Support
- Support Questions
- Dfs commands throws permission denied (HiveAccessC...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Dfs commands throws permission denied (HiveAccessControlException) after authorizing Ranger
- Labels:
-
Apache Ranger
Created 09-06-2018 12:27 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am getting following exception when i am running dfs -ls / in beeline.
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: Permission denied: user [admin] does not have privilege for [DFS] command
at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.handleDfsCommand(RangerHiveAuthorizer.java:1334)
at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:246)
at org.apache.hadoop.hive.ql.processors.CommandUtil.authorizeCommandThrowEx(CommandUtil.java:87)
at org.apache.hadoop.hive.ql.processors.CommandUtil.authorizeCommand(CommandUtil.java:59)
at org.apache.hadoop.hive.ql.processors.DfsProcessor.run(DfsProcessor.java:79)
at org.apache.hive.service.cli.operation.HiveCommandOperation.runInternal(HiveCommandOperation.java:115)
at org.apache.hive.service.cli.operation.Operation.run(Operation.java:331)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:536)
at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:518)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657) ~
at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
at com.sun.proxy.$Proxy49.executeStatementAsync(Unknown Source)
at org.apache.hive.service.cli.CLIService.executeStatementAsync(CLIService.java:310)
at org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:531)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1437)
at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1422)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.thrift.server.TServlet.doPost(TServlet.java:83)
at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:565)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:479)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:225)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:449)
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:925)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:857)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:76)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:609)
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:45)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Similar question has been posted here : https://community.hortonworks.com/questions/3369/dfs-commands-in-hivebeeline-after-enabling-ranger.h...
Created 09-07-2018 06:11 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UPDATE : After going through the hive documentation (https://cwiki.apache.org/confluence/display/Hive/SQL+Standard+Based+Hive+Authorization), it has been stated that "Commands such as dfs, add, delete, compile, and reset are disabled when this authorization is enabled"
I really wanted to understand the logic behind the above statement.
-
Apache NiFi
5,254 -
Apache Hive
4,611 -
Apache Hadoop
4,130 -
Apache Ambari
3,271 -
Apache Spark
2,505 -
Hortonworks Data Platform (HDP)
2,471 -
Cloudera Manager
2,282 -
Apache HBase
1,496 -
HDFS
1,494 -
Apache YARN
1,452 -
Apache Impala
1,139 -
Apache Kafka
953 -
Cloudera Enterprise Data Hub (CDH)
917 -
Apache Ranger
864 -
Apache Oozie
791 -
Apache Sqoop
772 -
Cloudera Hue
717 -
Kerberos
624 -
Cloudera Data Platform (CDP)
578 -
Security
485 -
Apache Atlas
463 -
Cloudera DataFlow (CDF)
426 -
Apache Zeppelin
419 -
Apache Pig
400 -
Apache Solr
396 -
Apache Zookeeper
347 -
Apache Phoenix
321 -
MapReduce
312 -
Apache Tez
289 -
Apache Flume
281 -
Hortonworks Cloudbreak
250 -
Apache Knox
235 -
Apache Kudu
214 -
Apache Storm
203 -
Cloudera Data Platform Private Cloud (CDP-Private)
188 -
Cloudera Data Science Workbench (CDSW)
175 -
NiFi Registry
171 -
Certification
164 -
Quickstart VM
158 -
Apache Sentry
153 -
Apache Falcon
149 -
Manual Installation
148 -
Apache Metron
145 -
Docker
129 -
Cloudera Navigator
79 -
Apache MiNiFi
74 -
Apache HCatalog
72 -
Apache Accumulo
68 -
Cloudera Navigator Encrypt
67 -
Training
66 -
Hortonworks SmartSense
60 -
Cloudera Data Engineering (CDE)
60 -
Cloudera Search
59 -
Schema Registry
54 -
Gateway
45 -
Ambari Blueprints
41 -
Cloudera Essentials
38 -
Cloudera Enterprise Data Hub
27 -
Cloudera Data Science and Engineering
27 -
Cloudera Machine Learning (CML)
21 -
Apache Flink
20 -
Data Analytics Studio
19 -
Apache Airflow
14 -
Cloudera Analytic DB
12 -
Cloudera Operational DB
9 -
Cloudera Data Warehouse (CDW)
8 -
Apache Calcite
8 -
Data Visualization
8 -
Cloudera Navigator Key Trustee
6 -
Hortonworks DataPlane
6 -
Hortonworks Stream Messaging Manager
5 -
Data Engineering UI
5 -
Cloudera Navigator Key Manager
3 -
Apache Ozone
3 -
Data Lifecycle Manager
2 -
Cloudera Streaming Analytics (CSA)
2 -
Cloudera Navigator Optimizer
2 -
IBM Db2 Big SQL
2 -
Cloudera Altus Director
1 -
Cloudera OnDemand
1 -
Tensorflow
1 -
Hortonworks Operational Services
1 -
Apache Crunch
1 -
Apache Iceberg
1
