You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "rickboker (Jira)" <ji...@apache.org> on 2023/04/23 11:43:00 UTC

[jira] [Created] (RANGER-4202) return error using hadoop key roll command, when you set certian key ACL in rangeradmin.

rickboker created RANGER-4202:
---------------------------------

             Summary: return error using hadoop key roll command, when you set certian key ACL in rangeradmin.
                 Key: RANGER-4202
                 URL: https://issues.apache.org/jira/browse/RANGER-4202
             Project: Ranger
          Issue Type: Bug
          Components: kms
    Affects Versions: 2.3.0
            Reporter: rickboker


I set access policy as
{quote}{keyname: key1

user: user1

permissions: create get delete rollover

}
{quote}
and when I use this user to rollover or delete key by hadoop command it will return error.

ERROR INFORMATION:
{quote}Rolling key version from KeyProvider: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientP
  for key name: key1
Cannot roll key: key1 within KeyProvider: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSC
roll <keyname> [-provider <provider>] [-strict] [-help]:

The roll subcommand creates a new version for the specified key
within the provider indicated using the -provider argument.
If -strict is supplied, fail immediately if the provider requires
a password and none is given.
Executing command failed with the following exception: AuthorizationException: User:user1
{quote}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)