Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hive metastore can not access existing databases after integrating with Sentry

SOLVED Go to solution
Highlighted

Hive metastore can not access existing databases after integrating with Sentry

Explorer

Hi

 

I am using Cloudera Express 5.5.1 on Ubuntu.

 

I have enabled Sentry authorisation on Hive as per Cloudera documentation.

 

When i log in to Hue using Hive user and choose Metastore. I don't see all my databases that were previosuly created.  All i see is 'Default' Database.  

 

I have Hadoop groups option enabled and "hive" is the group on hadoop

I have 777 set on /user/hive/warehouse directory and sub-directories

I have placed the sentry-provider.ini under /user/hive/sentry directory and it looks like below

 

[groups] 
# Assigns each Hadoop group to its set of roles  
hive= admin_role  

[roles] # The uris below define a define a landing skid which 
# the user can use to import or export data from the system. 
# Since the server runs as the user "hive" files in that directory 
# must either have the group hive and read/write set or 
# be world read/write. 
# http://www.cloudera.com/documentation/enterprise/5-5-x/topics/sg_hive_sql.html
# Implies everything on server1 and database
admin_role = server=server1->db=practice

 

When i try to create a new database, it get the below errors

 

[18/May/2016 01:42:49 -0700] middleware   INFO     Processing exception: Bad status for request TExecuteStatementReq(confOverlay={}, sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\x19fx\x06>[F\xaf\xb6,\x8a\xe6r\xdd\xb6R', guid='a2_\xb54\xcaB\x15\x9d7\x00\xd7\xc5P$h')), runAsync=False, statement='USE `default`'):
TExecuteStatementResp(status=TStatus(errorCode=40000, errorMessage='Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE', sqlState='42000', infoMessages=['*org.apache.hive.service.cli.HiveSQLException:Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE:17:16', 'org.apache.hive.service.cli.operation.Operation:toSQLException:Operation.java:326', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:102', 'org.apache.hive.service.cli.operation.SQLOperation:runInternal:SQLOperation.java:171', 'org.apache.hive.service.cli.operation.Operation:run:Operation.java:268', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatementInternal:HiveSessionImpl.java:410', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatement:HiveSessionImpl.java:391', 'org.apache.hive.service.cli.CLIService:executeStatement:CLIService.java:245', 'org.apache.hive.service.cli.thrift.ThriftCLIService:ExecuteStatement:ThriftCLIService.java:509', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1313', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1298', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:285', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.hive.ql.parse.SemanticException:No valid privileges\n User hive does not have privileges for SWITCHDATABASE:21:5', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:387', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:424', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:305', 'org.apache.hadoop.hive.ql.Driver:compileInternal:Driver.java:1110', 'org.apache.hadoop.hive.ql.Driver:compileAndRespond:Driver.java:1104', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:100', '*org.apache.hadoop.hive.ql.metadata.AuthorizationException:User hive does not have privileges for SWITCHDATABASE:23:2', 'org.apache.sentry.binding.hive.authz.HiveAuthzBinding:authorize:HiveAuthzBinding.java:275', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:authorizeWithHiveBindings:HiveAuthzBindingHook.java:577', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:372'], statusCode=3), operationHandle=None): Traceback (most recent call last):
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/db/transaction.py", line 371, in inner
    return func(*args, **kwargs)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/create_database.py", line 49, in create_database
    return execute_directly(request, query, on_success_url=reverse('metastore:databases'))
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/views.py", line 764, in execute_directly
    db.use(database)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/dbms.py", line 527, in use
    return self.client.use(query)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 938, in use
    data = self._client.execute_query(query)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 679, in execute_query
    return self.execute_query_statement(statement=query.query['query'], max_rows=max_rows, configuration=configuration)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 683, in execute_query_statement
    (results, schema), operation_handle = self.execute_statement(statement=statement, max_rows=max_rows, configuration=configuration, orientation=orientation)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 711, in execute_statement
    res = self.call(self._client.ExecuteStatement, req)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 597, in call
    raise QueryServerException(Exception('Bad status for request %s:\n%s' % (req, res)), message=message)
QueryServerException: Bad status for request TExecuteStatementReq(confOverlay={}, sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\x19fx\x06>[F\xaf\xb6,\x8a\xe6r\xdd\xb6R', guid='a2_\xb54\xcaB\x15\x9d7\x00\xd7\xc5P$h')), runAsync=False, statement='USE `default`'):
TExecuteStatementResp(status=TStatus(errorCode=40000, errorMessage='Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE', sqlState='42000', infoMessages=['*org.apache.hive.service.cli.HiveSQLException:Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE:17:16', 'org.apache.hive.service.cli.operation.Operation:toSQLException:Operation.java:326', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:102', 'org.apache.hive.service.cli.operation.SQLOperation:runInternal:SQLOperation.java:171', 'org.apache.hive.service.cli.operation.Operation:run:Operation.java:268', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatementInternal:HiveSessionImpl.java:410', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatement:HiveSessionImpl.java:391', 'org.apache.hive.service.cli.CLIService:executeStatement:CLIService.java:245', 'org.apache.hive.service.cli.thrift.ThriftCLIService:ExecuteStatement:ThriftCLIService.java:509', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1313', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1298', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:285', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.hive.ql.parse.SemanticException:No valid privileges\n User hive does not have privileges for SWITCHDATABASE:21:5', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:387', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:424', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:305', 'org.apache.hadoop.hive.ql.Driver:compileInternal:Driver.java:1110', 'org.apache.hadoop.hive.ql.Driver:compileAndRespond:Driver.java:1104', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:100', '*org.apache.hadoop.hive.ql.metadata.AuthorizationException:User hive does not have privileges for SWITCHDATABASE:23:2', 'org.apache.sentry.binding.hive.authz.HiveAuthzBinding:authorize:HiveAuthzBinding.java:275', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:authorizeWithHiveBindings:HiveAuthzBindingHook.java:577', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:372'], statusCode=3), operationHandle=None)

Below are the permissions on the folders

 

drwxrwxrwt   - hive hive          0 2016-01-22 07:54 /user/hive/warehouse/master
drwxrwxrwt   - hive hive          0 2016-04-25 06:36 /user/hive/warehouse/person_partition_sqoop_subdir
drwxrwxrwt   - hive hive          0 2016-04-25 06:50 /user/hive/warehouse/person_partition_staging
drwxrwxrwt   - hive hive          0 2016-04-25 07:26 /user/hive/warehouse/person_partition_virtual
drwxrwxrwt   - hive hive          0 2016-04-22 08:27 /user/hive/warehouse/practice.db

 

 

Can somebody please suggest, why i am not able to access  existing databases as hive user and not allowed to even create new databases when i have given 777 permissions on warehouse folder and sub-folders to  hive:hive.

 

Thanks

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Hive metastore can not access existing databases after integrating with Sentry

Explorer

Hi

 

Please ignore my question, i have solved the issue by applying steps in the below resolved topic.

 

https://community.cloudera.com/t5/Security-Apache-Sentry/Hue-Sentry-tables-Tables-dissapear-when-ena...

 

Thanks

3 REPLIES 3

Re: Hive metastore can not access existing databases after integrating with Sentry

Explorer

Hi

 

Please ignore my question, i have solved the issue by applying steps in the below resolved topic.

 

https://community.cloudera.com/t5/Security-Apache-Sentry/Hue-Sentry-tables-Tables-dissapear-when-ena...

 

Thanks

Re: Hive metastore can not access existing databases after integrating with Sentry

Community Manager

It is always nice when someone solves their own issue. Even better when they discover it via another thread on the community. Thanks for the update. :)



Cy Jervis, Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:
Community Guidelines
How to use the forum

Re: Hive metastore can not access existing databases after integrating with Sentry

Expert Contributor