I am using HDP sandbox with Ranger KMS installed as KMS Server. I fired below command on sandbox.
hadoop key create testKey
I got below exception as a result.
testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'
I am not able to create key for creating encryption zone. Do I need specific user for doing this.
Any pointer on this?
Note : I have kerberos enabled cluster.
I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.
View solution in original post
Take a look at KMS documentation
If you are sandbox, login to ranger as keyadmin/keyadmin, select sandbox_kms and add a key from there.