- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Impala ODBC with Sentry
- Labels:
-
Apache Impala
-
Apache Sentry
-
Cloudera Hue
Created on ‎06-19-2017 04:16 AM - edited ‎09-16-2022 04:47 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
I've got a user who is trying to use Power BI to connect to impala via the odbc and kerberos. This will work fine, however the only database he see's is the default, despite having permissions within sentry to select from every database.
If that user logs into Hue and uses impala query editior he can access all db's and tables. However if he trying to connect to any database / table within power bi (by writing sql to pass through, as he can't see the db's in Power BI drop down), he gets the error message "AuthorizationException: User xyz does not have privildges to view table xyz.xyz
Username and xyz obvisouly would be different.
I'm at a complete loss, the user is within all the correct groups within hue, those groups maps to roles within sentry which has permissions assinged.
Any advice?
Created ‎08-09-2017 03:10 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Incase anyone ever comes across this thread. We found that the problem was that the user had an upper case letter in his windows AD account.
To fix this issue we set:
HDFS Config: Map Kerberos Principals to Short Names
RULE:[1:$1]/L
DEFAULT
Impala Config: load_auth_to_local_rules
TRUE
Created ‎08-09-2017 03:10 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Incase anyone ever comes across this thread. We found that the problem was that the user had an upper case letter in his windows AD account.
To fix this issue we set:
HDFS Config: Map Kerberos Principals to Short Names
RULE:[1:$1]/L
DEFAULT
Impala Config: load_auth_to_local_rules
TRUE
