Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

User is not allowed to impersonate himself

User is not allowed to impersonate himself

Rising Star

Hello,

 

I have set-up a Kerberized cloudera quickstart. I enabled Sentry like described in Couldera's documentation.

Hive impersonation has been disabled as part of Sentry setup.

 

I am facing several problems with the setup, so let me start from a simple point:

 

I now login to Hue with (the default) user cloudera, who belongs to Hue groups default, hue and supergroup.

On OS level, user cloudera belongs to OS groups default, hue and supergroup as well.

 

Now, when I am visiting Hue -> Data Browsers -> Metastore Manager, I get:

 

2017-10-19 06:53:51,427 ERROR org.apache.thrift.server.TThreadPoolServer: [pool-4-thread-9]: Error occurred during processing of message.
java.lang.RuntimeException: org.apache.hadoop.security.authorize.AuthorizationException: User: hive/quickstart.cloudera@CLOUDERA.LOCAL is not allowed to impersonate hive/quickstart.cloudera@CLOUDERA.LOCAL

 

What is the root of this problem?

 

Thank you

1 REPLY 1
Highlighted

Re: User is not allowed to impersonate himself

Explorer

Please check which unix group the hive user belongs to and add this group into hadoop.proxyuser.hive.groups in the hive configuration via cloudera manager.