You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@ranger.apache.org by Dale Bradman <da...@profusion.com> on 2016/06/15 17:07:50 UTC
Hive Plugin - Unable to execute SQL [show databases like "*"
Trying to configure the HIVE plugin for Kerberised, HA, HDP 2.4.2.
Advanced ranger-hive-plugin-properties:
Ranger repository config user = rangerrepouser@AD.EXAMPLE<ma...@AD.EXAMPLE>
Ranger repository config password = password
common.name.for.certificate =
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
Policy user for HIVE = ambari-qa
Ranger Hive pluging configs:
Username = rangerrepouser@MAILTRACK.LOCAL<ma...@MAILTRACK.LOCAL>
Password = password
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
jdbc.url = jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE
2016-06-15 17:47:01,270 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:100) - Init Login: using username/password
2016-06-15 17:47:01,377 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:66) - Secured Mode: JDBC Connection done with preAuthenticated Subject
2016-06-15 17:47:01,492 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:51) - <== HiveResourceMgr.testConnection Error: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.services.hive.RangerServiceHive (RangerServiceHive.java:58) - <== RangerServiceHive.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:434) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,494 [http-bio-6080-exec-12] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig Error:java.util.concurrent.ExecutionException: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
I can successfully connect to beeline using:
$ beeline -u 'jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE'
But then if I do 'SHOW DATABASES', I see the following error:
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [dale] does not have [USE] privilege on [null] (state=42000,code=40000)
Any ideas how to get this working?
Thanks,
Dale
RE: Hive Plugin - Unable to execute SQL [show databases like "*"
Posted by Dale Bradman <da...@profusion.com>.
Ok yes when I enter dale into the Ranger policy then the databases are returned!
However the “Test Connection” still fails. Is that ok? I notice there aren’t any Kerberos properties in the set up. Maybe it requires some additional properties from the hive-site.xml?
Thanks.
From: Selvamohan Neethiraj [mailto:sneethiraj@hortonworks.com] On Behalf Of Selvamohan Neethiraj
Sent: 15 June 2016 18:40
To: user@ranger.incubator.apache.org
Subject: Re: Hive Plugin - Unable to execute SQL [show databases like "*"
Hi Dale,
Do you have any ranger policy granting permission for any database/table/column objects for dale ?
You need some permission on database to be able to list the database using ‘SHOW DATABASES’ command.
Please add a policy to grant permission to VIEW some table in the default database and see if the error goes away ….
Thanks,
Selva-
From: Dale Bradman <da...@profusion.com>>
Reply-To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Date: Wednesday, June 15, 2016 at 1:07 PM
To: "user@ranger.incubator.apache.org<ma...@ranger.incubator.apache.org>" <us...@ranger.incubator.apache.org>>
Subject: Hive Plugin - Unable to execute SQL [show databases like "*"
Trying to configure the HIVE plugin for Kerberised, HA, HDP 2.4.2.
Advanced ranger-hive-plugin-properties:
Ranger repository config user = rangerrepouser@AD.EXAMPLE<ma...@AD.EXAMPLE>
Ranger repository config password = password
common.name.for.certificate =
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
Policy user for HIVE = ambari-qa
Ranger Hive pluging configs:
Username = rangerrepouser@MAILTRACK.LOCAL<ma...@MAILTRACK.LOCAL>
Password = password
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
jdbc.url = jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE<ma...@AD.EXAMPLE>
2016-06-15 17:47:01,270 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:100) - Init Login: using username/password
2016-06-15 17:47:01,377 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:66) - Secured Mode: JDBC Connection done with preAuthenticated Subject
2016-06-15 17:47:01,492 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:51) - <== HiveResourceMgr.testConnection Error: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.services.hive.RangerServiceHive (RangerServiceHive.java:58) - <== RangerServiceHive.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:434) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,494 [http-bio-6080-exec-12] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig Error:java.util.concurrent.ExecutionException: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
I can successfully connect to beeline using:
$ beeline -u 'jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE<ma...@AD.EXAMPLE>’
But then if I do ‘SHOW DATABASES’, I see the following error:
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [dale] does not have [USE] privilege on [null] (state=42000,code=40000)
Any ideas how to get this working?
Thanks,
Dale
Re: Hive Plugin - Unable to execute SQL [show databases like "*"
Posted by Selvamohan Neethiraj <sn...@apache.org>.
Hi Dale,
Do you have any ranger policy granting permission for any database/table/column objects for dale ?
You need some permission on database to be able to list the database using ‘SHOW DATABASES’ command.
Please add a policy to grant permission to VIEW some table in the default database and see if the error goes away ….
Thanks,
Selva-
From: Dale Bradman <da...@profusion.com>
Reply-To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Date: Wednesday, June 15, 2016 at 1:07 PM
To: "user@ranger.incubator.apache.org" <us...@ranger.incubator.apache.org>
Subject: Hive Plugin - Unable to execute SQL [show databases like "*"
Trying to configure the HIVE plugin for Kerberised, HA, HDP 2.4.2.
Advanced ranger-hive-plugin-properties:
Ranger repository config user = rangerrepouser@AD.EXAMPLE
Ranger repository config password = password
common.name.for.certificate =
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
Policy user for HIVE = ambari-qa
Ranger Hive pluging configs:
Username = rangerrepouser@MAILTRACK.LOCAL
Password = password
jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver
jdbc.url = jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE
2016-06-15 17:47:01,270 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:100) - Init Login: using username/password
2016-06-15 17:47:01,377 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:66) - Secured Mode: JDBC Connection done with preAuthenticated Subject
2016-06-15 17:47:01,492 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:51) - <== HiveResourceMgr.testConnection Error: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.services.hive.RangerServiceHive (RangerServiceHive.java:58) - <== RangerServiceHive.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:434) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
2016-06-15 17:47:01,494 [http-bio-6080-exec-12] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig Error:java.util.concurrent.ExecutionException: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"].
I can successfully connect to beeline using:
$ beeline -u 'jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE’
But then if I do ‘SHOW DATABASES’, I see the following error:
Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [dale] does not have [USE] privilege on [null] (state=42000,code=40000)
Any ideas how to get this working?
Thanks,
Dale