Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Error refreshing Sentry policy

Highlighted

Error refreshing Sentry policy

Explorer

Hi,

Today, I am observing a strange problem;

 

Cluster: Enabled with Sentry authorization, Policy file is checked, the groups are defined properly as below, I am able to connect to impala, but not able to access the schema. I don't see any problem with the ini configurations but could not understand the root cause, unfortunately due to previliges issue I can't set DBUG for sentry. Can any one help?

configuration details:

access-provider.ini

  db1=hdfs://server1:8020/hive/access/db1.ini

now if i check db1.ini

entry is

   [groups]

   xyz=xyz_role

[roles]

xyz_role = server=server1->db=db1->table=*->action=select

 

while going through the logs of Catalog server I see the below errors, any idea why could it be so?

 

E1030 10:50:07.559773 5155 SentryProxy.java:155] Error refreshing Sentry policy:

 

Java exception follows:

 

com.cloudera.impala.catalog.AuthorizationException: User 'impalauser' does not have privileges to execute: LIST_ROLES

 

at com.cloudera.impala.util.SentryPolicyService.listAllRoles(SentryPolicyService.java:337)

 

at com.cloudera.impala.util.SentryProxy$PolicyReader.run(SentryProxy.java:104)

 

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

 

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)

 

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)

 

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

 

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

 

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

 

at java.lang.Thread.run(Thread.java:745)

 

Don't have an account?
Coming from Hortonworks? Activate your account here