Hi,

Today, I am observing a strange problem;

Cluster: Enabled with Sentry authorization, Policy file is checked, the groups are defined properly as below, I am able to connect to impala, but not able to access the schema. I don't see any problem with the ini configurations but could not understand the root cause, unfortunately due to previliges issue I can't set DBUG for sentry. Can any one help?

configuration details:

access-provider.ini

  db1=hdfs://server1:8020/hive/access/db1.ini

now if i check db1.ini

entry is

   [groups]

   xyz=xyz_role

[roles]

xyz_role = server=server1->db=db1->table=*->action=select

while going through the logs of Catalog server I see the below errors, any idea why could it be so?

E1030 10:50:07.559773 5155 SentryProxy.java:155] Error refreshing Sentry policy:

Java exception follows:

com.cloudera.impala.catalog.AuthorizationException: User 'impalauser' does not have privileges to execute: LIST_ROLES

at com.cloudera.impala.util.SentryPolicyService.listAllRoles(SentryPolicyService.java:337)

at com.cloudera.impala.util.SentryProxy$PolicyReader.run(SentryProxy.java:104)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)

at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)