28802
DISCUSSIONS
102184
MEMBERS
3161
ARTICLES
Hi,
Today, I am observing a strange problem;
Cluster: Enabled with Sentry authorization, Policy file is checked, the groups are defined properly as below, I am able to connect to impala, but not able to access the schema. I don't see any problem with the ini configurations but could not understand the root cause, unfortunately due to previliges issue I can't set DBUG for sentry. Can any one help?
configuration details:
access-provider.ini
db1=hdfs://server1:8020/hive/access/db1.ini
now if i check db1.ini
entry is
[groups]
xyz=xyz_role
[roles]
xyz_role = server=server1->db=db1->table=*->action=select
while going through the logs of Catalog server I see the below errors, any idea why could it be so?
E1030 10:50:07.559773 5155 SentryProxy.java:155] Error refreshing Sentry policy:
Java exception follows:
com.cloudera.impala.catalog.AuthorizationException: User 'impalauser' does not have privileges to execute: LIST_ROLES
at com.cloudera.impala.util.SentryPolicyService.listAllRoles(SentryPolicyService.java:337)
at com.cloudera.impala.util.SentryProxy$PolicyReader.run(SentryProxy.java:104)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)