Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

HiveAccessControlException: Permission denied: user [...] does not have [READ] privilege on [s3a:

avatar
Explorer

Hi,

 

i am having the error message in the title, but I am stuck as I have already checked the followings:

 

* ranger permissions: cm_s3 / all - bucket, path -- the user in the the list for read / write / all permissions

* IDBroker role: user has a cdp-datalake-admin-role, which has a cdp-datalake-admin-policy-s3access

 

any other idea and what to check?

thanks

 

1 ACCEPTED SOLUTION

avatar
Explorer
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login
2 REPLIES 2

avatar
Master Collaborator

HiveAccessControlException suggests you are accessing this s3 location through a SQL engine (Hive or Impala perhaps). Check in Ranger, under Hadoop SQL, if the policies are set properly there to access the table you are looking at.

 

Also, is this a RAZ-enabled environment, by any chance? If it is, please see here for RAZ setup specific to Hive table access: https://docs.cloudera.com/management-console/cloud/fine-grained-access-control-aws/topics/raz-aws-cr...

 

 

Hope this helps,

Alex

avatar
Explorer
hide-solution

This problem has been solved!

Want to get a detailed solution you have to login/registered on the community

Register/Login