Support Questions

Find answers, ask questions, and share your expertise

HDFS Encryption Error | root not allowed to do 'CREATE_KEY'

Contributor

I am using HDP sandbox with Ranger KMS installed as KMS Server. I fired below command on sandbox.

hadoop key create testKey

I got below exception as a result.

testKey has not been created. org.apache.hadoop.security.authorize.AuthorizationException: User:root not allowed to do 'CREATE_KEY' on 'testKey'

I am not able to create key for creating encryption zone. Do I need specific user for doing this.

Any pointer on this?

Note : I have kerberos enabled cluster.

1 ACCEPTED SOLUTION

Contributor

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.

View solution in original post

2 REPLIES 2

Guru

Take a look at KMS documentation

If you are sandbox, login to ranger as keyadmin/keyadmin, select sandbox_kms and add a key from there.

Contributor

I referred same document for installation but it did not worked. After that I added hdfs user in Sandbox_kms poliy and after that key creation worked.