@Mondi    It is highly recommended to install kerberos as a prerequisite before using sentry. HiveServer2 and the Hive Metastore (HMS) running with strong authentication. For HiveServer2, strong authentication is either Kerberos or LDAP. For the Hive Metastore, only Kerberos is considered strong authentication (to override, see Securing the Hive Metastore). Below document mentions the prerequisites in detail: https://docs.cloudera.com/documentation/enterprise/latest/topics/sg_sentry_before_you_install.html#prerequisites   Hope this helps, Paras Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button. ... View more

@Mondi    The property setting the retainment period can be found at: Cloudera Manager -> Cloudera Management Service -> Configuration -> and in the search field please type: "Navigator Audit Server Data Expiration Period" After reducing this retention period and restarting the Nav Audit server role, the tables/data should be purged.  If you still see old audit data remaining you can proceed with manual purging: Connect to your database. > show databases; > use <nav_audit_database>; > show tables; > drop table <audit_event_table>; You can also set audit filters for difffernt services to have a control on audit collection. https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cn_admcfg_audit_filters.html   Hope this helps, Paras Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button. ... View more

@michaelli    You can use the CM API to fetch the service configurations by executing below command from terminal   # curl -u admin_uname:admin_pass "http://cm_server_host:7180/api/v19/cm/deployment" The password should be present under the name :  hive_metastore_database_password Refer: https://docs.cloudera.com/documentation/enterprise/5-14-x/topics/cm_intro_api.html#concept_dnn_cr5_mr__section_ztf_lyt_xr   Hope this helps, Paras Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button. ... View more

@had00p101    To allow scheduler access, please uncheck the permission disable_editor_access if this is enabled for the hue user group.  Only oozie.access, oozie.dashboard_jobs_access is required to be set under the group permissions set for user in Hue.   Hope this helps, Paras Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button. ... View more

@chhaya_vishwaka  The "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" error can happen if a JKS contains multiple certs with similar names. Run below command for the keystore # keytool -list -keystore server.jks The correct cert with be the one with "Entry type: PrivateKeyEntry". If you find a certificate with "Entry type: trustedCertEntry" and a similar alias name then that is the problem cert. Remove this certificate from keystore using below steps: i) Make a backup of the existing JKS. ii) Stop CM iii) Remove the cert identified above. keytool -delete -alas <cert_alias> -keystore server.jks iv) Start CM and test again. ... View more

@Cico    If the permissions are already set to 777 for /tmp , restart the particular node manager from Cloudera Manager. This should allow the creation of new file in /tmp.  ... View more