Support Questions

shashi_vish123 · ‎05-05-2016

I am using HDP sandbox with Ranger KMS installed as KMS Server. I fired below command on sandbox.

hadoop key create testKey

I got below exception as a result.

testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'

I am not able to create key for creating encryption zone. Do I need specific user for doing this.

Any pointer on this?

Note : I have kerberos enabled cluster.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

View solution in original post

ravi1 · ‎05-05-2016

Take a look at KMS documentation

If you are sandbox, login to ranger as keyadmin/keyadmin, select sandbox_kms and add a key from there.

shashi_vish123 · ‎05-06-2016

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

Cloudera Community

Support Questions

HDFS Encryption Error | root not allowed to do 'CREATE_KEY'