I have recently setup hive and impala with LDAP authentication and am now implementing sentry for role authorization. So far I have successfully setup sentry as a service for hive, however, I am unable to get the same results with impala. I have added the users in ldap to a user group which has "grant all on server server1". I know that these permissions work because they work correctly in hive (perhaps they differ in impala?).
This is the following error that I receive after logging into the impala-shell once authenticating.
"ERROR: AuthorizationException: User 'xxxx' does not have privileges to access: default.*"
Now my guess is that this has something to do with sentry and not ldap integration since impala works fine once I disable the sentry dependancy. What I cannot find is where to declare the sentry server for impala to point to for permissions. The link listed below mentions a setting in the "/etc/default/impala" file (I cannot find this file). I believe that this is the root cause for my authorization issues sense the error appears after authenticating and impala seems to have no way of understanding where to locate my permission list.
Did you get this working? I was facing the same issue and I get it working by removing the configuration documeted in the Sentry setup:
Configuring Impala as a Client for the Sentry Service Set the following configuration properties in sentry-site.xml. <property> <name>sentry.service.client.server.rpc-port</name> <value>3893</value> </property> <property> <name>sentry.service.client.server.rpc-address</name> <value>hostname</value> </property> <property> <name>sentry.service.client.server.rpc-connection-timeout</name> <value>200000</value> </property> <property> <name>sentry.service.security.mode</name> <value>none</value> </property>