Hi Eddie, Sorry about the misleading. I mean uid in /etc/passwd file. Does all the service a/c should have uid > 1000. After enabling Kerberos, i see the error message as below user hive is not whitelisted and has id 500,which is below the minimum allowed 1000 Does Ambari does not take care of this , when we mention min.user.id=1000 in the file : /etc/hadoop/conf/container-executor.cfg. http://docs.hortonworks.com/HDPDocuments/Ambari-2.2.2.0/bk_ambari_reference_guide/content/_defining_service_users_and_groups_for_a_hdp_2x_stack.html : All new service user accounts, and any existing user accounts used as service users, must have a UID >= 1000 Thanks JJ ... View more

Neeraj, do you mean amb_ranger_admin ? ... View more

Hi Pierre, Could able to find the issue with 1) from beeline , if we connect just with < !connect jdbc:hive2:// > it just prompts for user name / password. Now policy is not working 2) if we connect with complete string like : !connect jdbc:hive2://<hiveserver2>:10000/default test2 test2 , now the policy is enforced ... View more

executed command are as below . Please see the screen shot for the setuphive-ranger-policy-issuertfd.zip ************* [test2@node01 ~]$ id uid=513(test2) gid=504(hadoop) groups=504(hadoop) [test2@node01 ~]$ beeline WARNING: Use "yarn jar" to launch YARN applications. Beeline version 1.2.1000.2.4.2.0-258 by Apache Hive beeline> !connect jdbc:hive2:// Connecting to jdbc:hive2:// Enter username for jdbc:hive2://: test2 Enter password for jdbc:hive2://: ***** Connected to: Apache Hive (version 1.2.1000.2.4.2.0-258) Driver: Hive JDBC (version 1.2.1000.2.4.2.0-258) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://> INSERT INTO TABLE students VALUES ('fred flintstone', 35, 1.28); 17/02/07 19:39:56 [main]: ERROR hdfs.KeyProviderCache: Could not find uri with key [dfs.encryption.key.provider.uri] to create a keyProvider !! Query ID = test2_20170207193955_e8c97ad8-f12b-4f04-91ae-eb0a9064bb27 Total jobs = 1 Launching Job 1 out of 1 17/02/07 19:40:05 [HiveServer2-Background-Pool: Thread-27]: WARN tez.DagUtils: hive.tez.java.opts will be ignored because hive.tez.container.size is not set! 17/02/07 19:40:05 [HiveServer2-Background-Pool: Thread-27]: WARN tez.DagUtils: hive.tez.java.opts will be ignored because hive.tez.container.size is not set! Status: Running (Executing on YARN cluster with App id application_1486082581831_0025) -------------------------------------------------------------------------------- VERTICES STATUS TOTAL COMPLETED RUNNING PENDING FAILED KILLED -------------------------------------------------------------------------------- Map 1 .......... SUCCEEDED 1 1 0 0 0 0 Reducer 2 ...... SUCCEEDED 2 2 0 0 0 0 -------------------------------------------------------------------------------- VERTICES: 02/02 [==========================>>] 100% ELAPSED TIME: 9.01 s -------------------------------------------------------------------------------- Loading data to table default.students Table default.students stats: [numFiles=30, numRows=22, totalSize=10236, rawDataSize=4716] OK No rows affected (20.948 seconds) 0: jdbc:hive2://> *************** ... View more

Pierre, I am using Beeline , and still policy is not gettting implemented / kicked off; ... View more