Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Strange permission Hive issue in accessing DBs

avatar
Expert Contributor

Hello All,

 

We have a around 22 databases and their respective tables which are accessible via Impala in Hue, but not via Hive for 3 newly added users. We get below error which is related to permissions to databases via Sentry, however, this looks strange to me since the permissions are managed at DB level and not specific to service. So if permissions are not correct, we should not have been able to access them via Impala as well.

 

Error message:

Error while compiling statement: FAILED: SemanticException No valid privileges User xxxxxx does not have privileges for SWITCHDATABASE The required privileges: Server=server1->Db=*->Table=+->Column=*->action=select->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=insert->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=alter->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=create->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=drop->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=index->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=lock->grantOption=false;

 

Query that works fine in Impala but not Hive:

select * from dbname.tablename limit 5;

 

Please suggest what can be checked / done to fix this.

 

Thanks

snm1523

7 REPLIES 7

avatar
Expert Contributor

Any suggestions please?

avatar
Expert Contributor

Hello @snm1523 

 

First and for most thing, ensure the users are synced in all the nodes.

 

for all the newly added users run id -Gn <username> on all the impala and hs2 nodes and ensure that this matches across all the nodes.

 

 

avatar
Expert Contributor

Hello @tusharkathpal,

 

Thank you for the reply.

 

Have verified all the users are in correct groups and same on all nodes.

 

Please suggest what can be checked further.

 

Thanks

snm1523

avatar
Expert Contributor

Hi @snm1523 ,

 

What are the permissions these new users have on default database?

 

Thanks,

Megh

avatar
Expert Contributor

Hello @vidanimegh,

We are not changing any permissions to users (including me) on default DB. They are just default (whatever they get once created). We are managing permissions using Sentry on each DB that is created.

 

We have verified permissions are all okay in Sentry as users (including me) are able to see / query tables in Impala via Hue but not in Hive.

 

Thanks

snm1523

avatar
Expert Contributor

Hello @snm1523 

 

Could you please help me with the below details.

 

Step 1: Connect to any of the edge node and run the below.

 

id -Gn <new username>

kinit <username>

connect to HS2 using the jdbc conn string and then run, select current_user();

run the query select * from tablename which gives error.

 

Step 2: Now from the same edge node, connect to one of the impala node.

 

id -Gn <new username>

kinit <username>

Connect to Impala using the jdbc connection string 

beeline -u "jdbc:hive2://<impala-coordinator-node>:21050/default;principal=impala/<LB FQDN NAME>@REALM_NAME;ssl=true;sslTrustStore=<truststore path>;

 

**Use LB FQDN Name in principal section if you have LB else use the coordinator FQDN hostname above. If you have ssl enabled then use:-->sslTrustStore=<truststore path> else you can remove from connection string.

 

and run , select current_user(); and run the same query here.

 

Step 3:

 

ssh to host running Hue server. If you have multiple host running hue server then ssh to them one by one and repeat the same.

 

id -Gn <username> output

kinit username

connect once to HS2 and Impala each via beeline then run select current_user() and the query.

 

Once done share all the results to validate things.

avatar
Expert Contributor

@tusharkathpal , got hit to another issue, working on that. Will revert with these results by Monday.