Support Questions

deep00 · ‎05-18-2016

Hi

I am using Cloudera Express 5.5.1 on Ubuntu.

I have enabled Sentry authorisation on Hive as per Cloudera documentation.

When i log in to Hue using Hive user and choose Metastore. I don't see all my databases that were previosuly created. All i see is 'Default' Database.

I have Hadoop groups option enabled and "hive" is the group on hadoop

I have 777 set on /user/hive/warehouse directory and sub-directories

I have placed the sentry-provider.ini under /user/hive/sentry directory and it looks like below

[groups] 
# Assigns each Hadoop group to its set of roles  
hive= admin_role  

[roles] # The uris below define a define a landing skid which 
# the user can use to import or export data from the system. 
# Since the server runs as the user "hive" files in that directory 
# must either have the group hive and read/write set or 
# be world read/write. 
# http://www.cloudera.com/documentation/enterprise/5-5-x/topics/sg_hive_sql.html
# Implies everything on server1 and database
admin_role = server=server1->db=practice

When i try to create a new database, it get the below errors

[18/May/2016 01:42:49 -0700] middleware   INFO     Processing exception: Bad status for request TExecuteStatementReq(confOverlay={}, sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\x19fx\x06>[F\xaf\xb6,\x8a\xe6r\xdd\xb6R', guid='a2_\xb54\xcaB\x15\x9d7\x00\xd7\xc5P$h')), runAsync=False, statement='USE `default`'):
TExecuteStatementResp(status=TStatus(errorCode=40000, errorMessage='Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE', sqlState='42000', infoMessages=['*org.apache.hive.service.cli.HiveSQLException:Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE:17:16', 'org.apache.hive.service.cli.operation.Operation:toSQLException:Operation.java:326', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:102', 'org.apache.hive.service.cli.operation.SQLOperation:runInternal:SQLOperation.java:171', 'org.apache.hive.service.cli.operation.Operation:run:Operation.java:268', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatementInternal:HiveSessionImpl.java:410', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatement:HiveSessionImpl.java:391', 'org.apache.hive.service.cli.CLIService:executeStatement:CLIService.java:245', 'org.apache.hive.service.cli.thrift.ThriftCLIService:ExecuteStatement:ThriftCLIService.java:509', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1313', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1298', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:285', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.hive.ql.parse.SemanticException:No valid privileges\n User hive does not have privileges for SWITCHDATABASE:21:5', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:387', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:424', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:305', 'org.apache.hadoop.hive.ql.Driver:compileInternal:Driver.java:1110', 'org.apache.hadoop.hive.ql.Driver:compileAndRespond:Driver.java:1104', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:100', '*org.apache.hadoop.hive.ql.metadata.AuthorizationException:User hive does not have privileges for SWITCHDATABASE:23:2', 'org.apache.sentry.binding.hive.authz.HiveAuthzBinding:authorize:HiveAuthzBinding.java:275', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:authorizeWithHiveBindings:HiveAuthzBindingHook.java:577', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:372'], statusCode=3), operationHandle=None): Traceback (most recent call last):
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/core/handlers/base.py", line 112, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/build/env/lib/python2.7/site-packages/Django-1.6.10-py2.7.egg/django/db/transaction.py", line 371, in inner
    return func(*args, **kwargs)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/create_database.py", line 49, in create_database
    return execute_directly(request, query, on_success_url=reverse('metastore:databases'))
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/views.py", line 764, in execute_directly
    db.use(database)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/dbms.py", line 527, in use
    return self.client.use(query)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 938, in use
    data = self._client.execute_query(query)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 679, in execute_query
    return self.execute_query_statement(statement=query.query['query'], max_rows=max_rows, configuration=configuration)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 683, in execute_query_statement
    (results, schema), operation_handle = self.execute_statement(statement=statement, max_rows=max_rows, configuration=configuration, orientation=orientation)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 711, in execute_statement
    res = self.call(self._client.ExecuteStatement, req)
  File "/opt/cloudera/parcels/CDH-5.5.1-1.cdh5.5.1.p0.11/lib/hue/apps/beeswax/src/beeswax/server/hive_server2_lib.py", line 597, in call
    raise QueryServerException(Exception('Bad status for request %s:\n%s' % (req, res)), message=message)
QueryServerException: Bad status for request TExecuteStatementReq(confOverlay={}, sessionHandle=TSessionHandle(sessionId=THandleIdentifier(secret='\x19fx\x06>[F\xaf\xb6,\x8a\xe6r\xdd\xb6R', guid='a2_\xb54\xcaB\x15\x9d7\x00\xd7\xc5P$h')), runAsync=False, statement='USE `default`'):
TExecuteStatementResp(status=TStatus(errorCode=40000, errorMessage='Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE', sqlState='42000', infoMessages=['*org.apache.hive.service.cli.HiveSQLException:Error while compiling statement: FAILED: SemanticException No valid privileges\n User hive does not have privileges for SWITCHDATABASE:17:16', 'org.apache.hive.service.cli.operation.Operation:toSQLException:Operation.java:326', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:102', 'org.apache.hive.service.cli.operation.SQLOperation:runInternal:SQLOperation.java:171', 'org.apache.hive.service.cli.operation.Operation:run:Operation.java:268', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatementInternal:HiveSessionImpl.java:410', 'org.apache.hive.service.cli.session.HiveSessionImpl:executeStatement:HiveSessionImpl.java:391', 'org.apache.hive.service.cli.CLIService:executeStatement:CLIService.java:245', 'org.apache.hive.service.cli.thrift.ThriftCLIService:ExecuteStatement:ThriftCLIService.java:509', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1313', 'org.apache.hive.service.cli.thrift.TCLIService$Processor$ExecuteStatement:getResult:TCLIService.java:1298', 'org.apache.thrift.ProcessFunction:process:ProcessFunction.java:39', 'org.apache.thrift.TBaseProcessor:process:TBaseProcessor.java:39', 'org.apache.hive.service.auth.TSetIpAddressProcessor:process:TSetIpAddressProcessor.java:56', 'org.apache.thrift.server.TThreadPoolServer$WorkerProcess:run:TThreadPoolServer.java:285', 'java.util.concurrent.ThreadPoolExecutor:runWorker:ThreadPoolExecutor.java:1145', 'java.util.concurrent.ThreadPoolExecutor$Worker:run:ThreadPoolExecutor.java:615', 'java.lang.Thread:run:Thread.java:745', '*org.apache.hadoop.hive.ql.parse.SemanticException:No valid privileges\n User hive does not have privileges for SWITCHDATABASE:21:5', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:387', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:424', 'org.apache.hadoop.hive.ql.Driver:compile:Driver.java:305', 'org.apache.hadoop.hive.ql.Driver:compileInternal:Driver.java:1110', 'org.apache.hadoop.hive.ql.Driver:compileAndRespond:Driver.java:1104', 'org.apache.hive.service.cli.operation.SQLOperation:prepare:SQLOperation.java:100', '*org.apache.hadoop.hive.ql.metadata.AuthorizationException:User hive does not have privileges for SWITCHDATABASE:23:2', 'org.apache.sentry.binding.hive.authz.HiveAuthzBinding:authorize:HiveAuthzBinding.java:275', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:authorizeWithHiveBindings:HiveAuthzBindingHook.java:577', 'org.apache.sentry.binding.hive.HiveAuthzBindingHook:postAnalyze:HiveAuthzBindingHook.java:372'], statusCode=3), operationHandle=None)

Below are the permissions on the folders

drwxrwxrwt   - hive hive          0 2016-01-22 07:54 /user/hive/warehouse/master
drwxrwxrwt   - hive hive          0 2016-04-25 06:36 /user/hive/warehouse/person_partition_sqoop_subdir
drwxrwxrwt   - hive hive          0 2016-04-25 06:50 /user/hive/warehouse/person_partition_staging
drwxrwxrwt   - hive hive          0 2016-04-25 07:26 /user/hive/warehouse/person_partition_virtual
drwxrwxrwt   - hive hive          0 2016-04-22 08:27 /user/hive/warehouse/practice.db

Can somebody please suggest, why i am not able to access existing databases as hive user and not allowed to even create new databases when i have given 777 permissions on warehouse folder and sub-folders to hive:hive.

Thanks

deep00 · ‎05-18-2016

Hi

Please ignore my question, i have solved the issue by applying steps in the below resolved topic.

https://community.cloudera.com/t5/Security-Apache-Sentry/Hue-Sentry-tables-Tables-dissapear-when-ena...

Thanks

View solution in original post

deep00 · ‎05-18-2016

Hi

Please ignore my question, i have solved the issue by applying steps in the below resolved topic.

https://community.cloudera.com/t5/Security-Apache-Sentry/Hue-Sentry-tables-Tables-dissapear-when-ena...

Thanks

cjervis · ‎05-18-2016

It is always nice when someone solves their own issue. Even better when they discover it via another thread on the community. Thanks for the update. 🙂

Cy Jervis, Manager, Community Program
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

sim6 · ‎10-09-2016

This should help: http://www.yourtechchick.com/hadoop/no-databases-available-permissions-missing-error-hive-sentry/

Cloudera Community

Support Questions

Hive metastore can not access existing databases after integrating with Sentry