Support Questions
Find answers, ask questions, and share your expertise

User is not allowed to impersonate himself

User is not allowed to impersonate himself

Rising Star



I have set-up a Kerberized cloudera quickstart. I enabled Sentry like described in Couldera's documentation.

Hive impersonation has been disabled as part of Sentry setup.


I am facing several problems with the setup, so let me start from a simple point:


I now login to Hue with (the default) user cloudera, who belongs to Hue groups default, hue and supergroup.

On OS level, user cloudera belongs to OS groups default, hue and supergroup as well.


Now, when I am visiting Hue -> Data Browsers -> Metastore Manager, I get:


2017-10-19 06:53:51,427 ERROR org.apache.thrift.server.TThreadPoolServer: [pool-4-thread-9]: Error occurred during processing of message.
java.lang.RuntimeException: User: hive/quickstart.cloudera@CLOUDERA.LOCAL is not allowed to impersonate hive/quickstart.cloudera@CLOUDERA.LOCAL


What is the root of this problem?


Thank you


Re: User is not allowed to impersonate himself


Please check which unix group the hive user belongs to and add this group into hadoop.proxyuser.hive.groups in the hive configuration via cloudera manager.