But my question is :- Why Realm is required while Connect via Beeline ... View more

@Adi jabkowsky With your Previous issue you can use without any changes. You have to enter username@REALM then Password, It will work defiantly 🙂 ... View more

Thanks Harsh J ... View more

Thanks Harsh J   My Sentry configuration is working fine now.. Thank you very much for all of your help ... View more

Hi Harsh J   Thanks for reply.. Just before giving answers of your questions . I want to make things more clear.   I have set Sentry User to Group Mapping Class to org.apache.sentry.provider.file.LocalGroupResourceAuthorizationProvider in Hive service thats why i have changed group of user impadmin from hadoop to an local group named engineering   Also Hadoop User Group Mapping Implementation is set org.apache.hadoop.security.ShellBasedUnixGroupsMapping in HDFS service on our cluster   Do u think any other setting will be required to use local user group ? As per my R&D these are only one   SHOW CURRENT ROLES; SHOW GRANT ROLE developer;   While running above as a hive user so its giving proper results ....   I have also ran "id -Gn impadmin" Linux command on HS2 and Sentry Service hosts..  Its giving below response  impadmin engineering     I added user in group using below command   usermod -G impadmin ,engineering impadmin   Just to add more details :-   Our hive database name is metastore and sentry service database name is  sentry .. Both are mysql I went to mysql and use metastore and show tables so i can see an table named ROLES.. When query this table i can see below results   +---------+-------------+------------+-----------+ | ROLE_ID | CREATE_TIME | OWNER_NAME | ROLE_NAME | +---------+-------------+------------+-----------+ | 1 | 1431503404 | admin | admin | | 2 | 1431503404 | public | public | +---------+-------------+------------+-----------+   .... Do u think we need to add role named developer in this table as well.. sorry just asking..may be its ilogical..     ... View more

Hi All,   We are stuck into same problem. Here are the summary   1. We have configured Sentry Service on Cloudera 5.3 (We have added "Sentry Service" not Policy file approach) . We have followed below reference URL http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_sg_sentry_service.html   2. Kerbros Authentication is not enabled on Cluster but as per prerequistee we can move ahead with LDAP Authentication also .     LDAP is configured on Cluster   3. After configuration, we go to beeline client and used “!connect jdbc:hive2://hadoopslave0.company.in:10000” as the connection string and entered “hive” as Username, Password Here hiveserver2 is configured on hadoopslave0.company.in:10000 thats why we have given this in connection string & 1000 is default port.   After this when it ask to enter username & password so we have given "hive" in both (As per below URL http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/sg_sentry_overview.html  To initiate top-level permissions for Sentry, an admin must login as a superuser that’s why we logged in as hive)   Now when we try to CREATE TABLE here so we are facing below error in this :- Required privileges for this query: Server=server1->Db=default->action=*; (state=42000,code=40000)   Also error is coming when we try to give privilege to Groups (Group of LDAP in which LDAP user is member) . GRANT ROLE qa TO GROUP TestGroup; GRANT ALL ON DATABASE default TO ROLE qa WITH GRANT OPTION;   Problem Statement :- As we cant give permissions to LDAP groups and also cant create table  so we are stucked to perform testing in Sentry enable environment.                                            It looks we are some how doing mistake in loggin with wrong user . We need to login with user who can give permission to other . We thought hive will work as superuser but it looks its not. If you can guide which user we should use to login to create table and GRANT privilege to other users so would be really helpful .   Kindly reply its very critical for us. ... View more