Support Questions

snm1523 · ‎03-23-2021

Hello All,

We have a around 22 databases and their respective tables which are accessible via Impala in Hue, but not via Hive for 3 newly added users. We get below error which is related to permissions to databases via Sentry, however, this looks strange to me since the permissions are managed at DB level and not specific to service. So if permissions are not correct, we should not have been able to access them via Impala as well.

Error message:

Error while compiling statement: FAILED: SemanticException No valid privileges User xxxxxx does not have privileges for SWITCHDATABASE The required privileges: Server=server1->Db=*->Table=+->Column=*->action=select->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=insert->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=alter->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=create->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=drop->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=index->grantOption=false;Server=server1->Db=*->Table=+->Column=*->action=lock->grantOption=false;

Query that works fine in Impala but not Hive:

select * from dbname.tablename limit 5;

Please suggest what can be checked / done to fix this.

Thanks

snm1523

snm1523 · ‎05-10-2021

Any suggestions please?

tusharkathpal · ‎05-13-2021

Hello @snm1523

First and for most thing, ensure the users are synced in all the nodes.

for all the newly added users run id -Gn <username> on all the impala and hs2 nodes and ensure that this matches across all the nodes.

snm1523 · ‎05-14-2021

Hello @tusharkathpal,

Thank you for the reply.

Have verified all the users are in correct groups and same on all nodes.

Please suggest what can be checked further.

Thanks

snm1523

vidanimegh · ‎05-14-2021

Hi @snm1523 ,

What are the permissions these new users have on default database?

Thanks,

Megh

snm1523 · ‎05-14-2021

Hello @vidanimegh,

We are not changing any permissions to users (including me) on default DB. They are just default (whatever they get once created). We are managing permissions using Sentry on each DB that is created.

We have verified permissions are all okay in Sentry as users (including me) are able to see / query tables in Impala via Hue but not in Hive.

Thanks

snm1523

tusharkathpal · ‎05-14-2021

Hello @snm1523

Could you please help me with the below details.

Step 1: Connect to any of the edge node and run the below.

id -Gn <new username>

kinit <username>

connect to HS2 using the jdbc conn string and then run, select current_user();

run the query select * from tablename which gives error.

Step 2: Now from the same edge node, connect to one of the impala node.

id -Gn <new username>

kinit <username>

Connect to Impala using the jdbc connection string

beeline -u "jdbc:hive2://<impala-coordinator-node>:21050/default;principal=impala/<LB FQDN NAME>@REALM_NAME;ssl=true;sslTrustStore=<truststore path>;

**Use LB FQDN Name in principal section if you have LB else use the coordinator FQDN hostname above. If you have ssl enabled then use:-->sslTrustStore=<truststore path> else you can remove from connection string.

and run , select current_user(); and run the same query here.

Step 3:

ssh to host running Hue server. If you have multiple host running hue server then ssh to them one by one and repeat the same.

id -Gn <username> output

kinit username

connect once to HS2 and Impala each via beeline then run select current_user() and the query.

Once done share all the results to validate things.

snm1523 · ‎05-14-2021

@tusharkathpal , got hit to another issue, working on that. Will revert with these results by Monday.

Cloudera Community

Support Questions

Strange permission Hive issue in accessing DBs