You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "chuanjie.duan (JIRA)" <ji...@apache.org> on 2017/10/30 10:02:02 UTC

[jira] [Created] (RANGER-1865) hive plugin alter table add partition failed HiveAccessControlException Permission denied: user does not have [READ] privilege on location

chuanjie.duan created RANGER-1865:
-------------------------------------

             Summary: hive plugin alter table add partition failed HiveAccessControlException Permission denied: user does not have [READ] privilege on location
                 Key: RANGER-1865
                 URL: https://issues.apache.org/jira/browse/RANGER-1865
             Project: Ranger
          Issue Type: Bug
          Components: plugins
    Affects Versions: 0.6.3
            Reporter: chuanjie.duan


hive execute insert sql:alter table tablename add if not exists partition(yyyymmdd='20170911',ds='rcc_02') location 'hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02'

Client Log:
org.apache.hive.service.cli.HiveSQLException: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [username] does not have [READ] privilege on [hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02]

Hiveserver Log:
017-10-27 16:53:26,929 ERROR [HiveServer2-Handler-Pool: Thread-43]: authorizer.RangerHiveAuthorizer (RangerHiveAuthorizer.java:isURIAccessAllowed(1034)) - Error getting permissions for hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02
java.net.ConnectException: Call From hostname/ipaddress to hiveserver host:9000 failed on connection exception: java.net.ConnectException: Connection refused; For more details see:  http://wiki.apache.org/hadoop/ConnectionRefused
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
        at org.apache.hadoop.net.NetUtils.wrapWithMessage(NetUtils.java:792)
        at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:732)
        at org.apache.hadoop.ipc.Client.call(Client.java:1480)
        at org.apache.hadoop.ipc.Client.call(Client.java:1407)
        at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229)
        at com.sun.proxy.$Proxy12.getFileInfo(Unknown Source)
        at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771)
        at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)

Cause:
Hive security enabled kerberos, hive plugin access hdfs should do authentication first.
 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)