Thursday, December 28, 2017

Permission issue after Sentry enabled for HDFS/HIVE/Impala/Hue

Original few tables created under user donghua, now zero table showed through “show tables” command:

0: jdbc:hive2://cdh-vm. dbaglobe.com:10000/d> show tables;
+-----------+--+
| tab_name  |
+-----------+--+
+-----------+--+
No rows selected (0.386 seconds)

Permission denied for create table:

0: jdbc:hive2://cdh-vm. dbaglobe.com:10000/d> create table employee3 (id int, name string);
Error: Error while compiling statement: FAILED: SemanticException No valid privileges
  User donghua does not have privileges for CREATETABLE
  The required privileges: Server=server1->Db=default->action=*; (state=42000,code=40000)


Quick solution:

login hive as user hive, and grant all permission to donghua; (refer to URL here if help needed to login as hive after kerboros enabled: http://www.dbaglobe.com/2017/12/login-as-keberos-userprincipal-after.html)

create role analyst_role;
grant all on database default to role analyst_role;
grant role analyst_role to donghua;