Support Questions

avargasil · ‎02-07-2017

We have setup MIT Kerberos and AD integration.

I'm using user oracle with a kerberos ticket that permits me to login to HUE.

Initially the only admin users on sentry.site.xml were hive,impala,hue,solr and kafka.

As I cannot login as any of them I've added Oracle user to the admins and was able to login and also see the databases and query them from Hue.

I expected I'll be able to grant privileges on the objects, I did create table av_test on the default database, and using Hue->Security->Hive tables, I assigned privileges to a group or a user but failed on all cases with error:

accessControlException: Permission denied. user=oracle is not the owner of the inode=av_test

Also I've run:

grant all on server server1 to role admin_role
grant role admin_role to group dbadmin

User oracle has assigned superuser and belong to group dbadmin

But still granting privileges fail with the same error.

Which is the way to grant privileges when Sentry is enabled?

Thanks a lot,

Alejandro

Hadoopservice · ‎02-08-2017

Add the users to the database respective sentry group

avargasil · ‎02-08-2017

but, how?

mbigelow · ‎02-08-2017

Just to double check an you run the below commands and share the output.

show roles;
show current roles;
show role grant group dbadmin;
show grant role admin_role;
show grant role role_admin on server1;

Does the dbadmin group exist on the OS on all of the Hive (HMS and HS2) nodes? Is the oracle user in that group on those nodes?

Support Questions

need help on how to give privileges to hive tables with Sentry