Support Questions
Find answers, ask questions, and share your expertise
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Sentry Roles not working

Sentry Roles not working




I am unable to get my sentry authorization roles to work. I had them setup in the past and everything was working fine, about a week ago or so the sentry roles became intermittent and as of now are not being recognized. The authorization is being processed through ldap groups and not the local machine.


I am able to create new roles and grant privileges to these new roles and then grant these roles to a user group. After checking to confirm that the new role has been granted to the group the privileges granted appear to not work. 


Looking at the logs this is the error I am receiving: 

org.apache.sentry.provider.common.HadoopGroupMappingService Unable to obtain groups for hive No groups found for user hive


User hive exists on the local machine but also is a test user that was created in active directory. Roles were granted both to the AD group that user hive belongs too and group hive on the local machine. Neither appear to be working though, even though the "show current roles" reflects the roles granted to group "hive". What is strange is that originally roles were only granted to the active directory group that user "hive" belongs too and everything was working fine.


Any suggestions would be appreciated. It just does not make any sense that authorization had become intermittent and then just stopped working.




Re: Sentry Roles not working

I'm having the same problem. (19/12/2017)

Anyone found the solution to this? I also have AD and Kerberos.

Don't have an account?
Coming from Hortonworks? Activate your account here