Cloudera Community

Welcome to the Cloudera Community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Who agreed with this topic

Sentry Roles not working

avatar
author-rank Jy
Contributor

Created ‎03-04-2015 10:59 AM

Hi,

 

I am unable to get my sentry authorization roles to work. I had them setup in the past and everything was working fine, about a week ago or so the sentry roles became intermittent and as of now are not being recognized. The authorization is being processed through ldap groups and not the local machine.

 

I am able to create new roles and grant privileges to these new roles and then grant these roles to a user group. After checking to confirm that the new role has been granted to the group the privileges granted appear to not work. 

 

Looking at the logs this is the error I am receiving: 

org.apache.sentry.provider.common.HadoopGroupMappingService Unable to obtain groups for hive java.io.IOException: No groups found for user hive

 

User hive exists on the local machine but also is a test user that was created in active directory. Roles were granted both to the AD group that user hive belongs too and group hive on the local machine. Neither appear to be working though, even though the "show current roles" reflects the roles granted to group "hive". What is strange is that originally roles were only granted to the active directory group that user "hive" belongs too and everything was working fine.

 

Any suggestions would be appreciated. It just does not make any sense that authorization had become intermittent and then just stopped working.

 

Thanks

2,168
2
Who agreed with this topic