Hi Junjie, I thought "hive" user should be the "admin_role" of beeline, so there is no need to grant command for "hive" user, since in my another cluster, "hive" user has the admin role with all permission in beeline once after I enabled sentry.
Please feel free to correct me if I miss something. Thanks! On Thu, May 14, 2015 at 9:57 AM, Ma, Junjie <[email protected]> wrote: > Hello Michelle, > You enable the sentry for hive, do you grant the properly > permission to user "hive" to show the tables? > > Best regards, > > Colin Ma(Ma Jun Jie) > > -----Original Message----- > From: Liping Zhang [mailto:[email protected]] > Sent: Thursday, May 14, 2015 8:35 AM > To: [email protected]; [email protected]; [email protected]; > [email protected]; [email protected]; > [email protected] > Subject: Re: "show databases" doesn't return all databases with > Kerberos/Sentry enabled > > Thanks Szehon, Prasad, and TheJas. I added sentry mailing list. > > Dear Sentry, > > This is very strange issue. I also tried rolling back the configuration, > but it still could not return right databases list with "show databases". > > Do you have any idea? Thanks very much for your help in advance! > > > > On Thu, May 14, 2015 at 3:05 AM, Szehon Ho <[email protected]> wrote: > > > Hi Liping > > > > Do you want to check the Sentry mailing list as well? They might know > > more about this scenario. > > > > Thanks > > Szehon > > > > On Wed, May 13, 2015 at 10:18 AM, Liping Zhang <[email protected]> > > wrote: > > > >> Dear all, > >> > >> I installed CDH, kerberos, sentry to enable security for hive > >> beeline. I did following commands: > >> > >> # kinit -k -t hive.keytab hive/ > >> [email protected] > >> > >> # beeline -u > >> "jdbc:hive2://ip-172-31-9-84.us-west-2.compute.internal:10000/default > >> ;principal=hive/ [email protected]" > >> > >> > >> and in beeline CLI: > >> # show databases > >> # show tables > >> these 2 "show" commands did work well and return all the databases > >> and tables we had. > >> > >> However, after I changed some configuration and restart hive, and > >> rerun above commands with "hive" user, it was strange that in > >> beeline CLI, *"show databases" and "show tables" didn't return all > >> the databases and tables we had, instead, they only returned one > >> "default" database, and no tables > >> returned.* > >> > >> The configuration change I remembered included: > >> Adding: > >> > >> <property> > >> <name>hive.server2.authentication</name> > >> <value>KERBEROS</value> > >> </property> > >> To Hive Client Configuration Safety Valve for hive-site.xml (Gateway > service in CM) properly modified the hive-site.xml for Hue Server. > >> > >> > >> The commands in beeline I remembered after restarting hive, and > >> before running "show databases" and "show tables" was: > >> # create role role1; > >> # show roles; > >> # show current roles; > >> > >> after that, the "hive" user in beeline could only return "default" > >> database with no tables for "show databases" and "show tables" command. > >> > >> > >> And I checked /user/hive/warehouse dir, all the databases and tables > >> files did existed. > >> > >> > >> Did anyone met this kind of issue before? Any comments and discussion > >> are highly appreciated! > >> > >> > >> -- > >> Cheers, > >> ----- > >> Big Data - Big Wisdom - Big Value > >> -------------- > >> Michelle Zhang (Liping Zhang) > >> > > > > > > > -- > Cheers, > ----- > Big Data - Big Wisdom - Big Value > -------------- > Michelle Zhang (Liping Zhang) > -- Cheers, ----- Big Data - Big Wisdom - Big Value -------------- Michelle Zhang (Liping Zhang)
