[jira] [Updated] (HIVE-8045) SQL standard auth with cli - Errors and configuration issues

Thejas M Nair (JIRA) Mon, 15 Sep 2014 14:45:07 -0700

     [ 
https://issues.apache.org/jira/browse/HIVE-8045?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Thejas M Nair updated HIVE-8045:
--------------------------------
    Summary: SQL standard auth with cli - Errors and configuration issues  
(was:  table creation fails when metastore.authorization is set to use 
MetaStoreAuthzAPIAuthorizerEmbedOnly and sql std auth is enabled from 
hive-site.xml)

> SQL standard auth with cli - Errors and configuration issues
> ------------------------------------------------------------
>
>                 Key: HIVE-8045
>                 URL: https://issues.apache.org/jira/browse/HIVE-8045
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Jagruti Varia
>            Assignee: Thejas M Nair
>
> Unable to create external tables from hive cli after setting following two 
> properties in hive-site.xml
> {noformat}
> <property>
>   <name>hive.security.authorization.manager</name>
>   
> <value>org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory</value>
> </property>
> <property>
>   <name>hive.security.metastore.authorization.manager</name>
>  
> <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider,org.apache.hadoop.hive.ql.security.authorization.MetaStoreAuthzAPIAuthorizerEmbedOnly</value>
> </property>
> {noformat}
> Table creation fails with the following error message:
> {noformat}
> hive> create external table abc(i int); 
> 14/09/09 20:21:23 [main]: INFO log.PerfLogger: <PERFLOG method=Driver.run 
> from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:23 [main]: INFO log.PerfLogger: <PERFLOG method=TimeToSubmit 
> from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:23 [main]: INFO ql.Driver: Concurrency mode is disabled, not 
> creating a lock manager
> 14/09/09 20:21:23 [main]: INFO log.PerfLogger: <PERFLOG method=compile 
> from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:23 [main]: INFO log.PerfLogger: <PERFLOG method=parse 
> from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:23 [main]: INFO parse.ParseDriver: Parsing command: create 
> external table abc(i int)
> 14/09/09 20:21:24 [main]: INFO parse.ParseDriver: Parse Completed
> 14/09/09 20:21:24 [main]: INFO log.PerfLogger: </PERFLOG method=parse 
> start=1410294083692 end=1410294084088 duration=396 
> from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:24 [main]: INFO log.PerfLogger: <PERFLOG 
> method=semanticAnalyze from=org.apache.hadoop.hive.ql.Driver>
> 14/09/09 20:21:24 [main]: INFO parse.SemanticAnalyzer: Starting Semantic 
> Analysis
> 14/09/09 20:21:24 [main]: INFO parse.SemanticAnalyzer: Creating table 
> default.abc position=22
> FAILED: RuntimeException 
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  Failed to retrieve roles for hrt_qa: Metastore Authorization api invocation 
> for remote metastore is disabled in this configuration.
> 14/09/09 20:21:24 [main]: ERROR ql.Driver: FAILED: RuntimeException 
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  Failed to retrieve roles for hrt_qa: Metastore Authorization api invocation 
> for remote metastore is disabled in this configuration.
> java.lang.RuntimeException: 
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  Failed to retrieve roles for hrt_qa: Metastore Authorization api invocation 
> for remote metastore is disabled in this configuration.
>       at 
> org.apache.hadoop.hive.ql.session.SessionState.setupAuth(SessionState.java:633)
>       at 
> org.apache.hadoop.hive.ql.session.SessionState.getAuthenticator(SessionState.java:1132)
>       at 
> org.apache.hadoop.hive.ql.session.SessionState.getUserFromAuthenticator(SessionState.java:822)
>       at 
> org.apache.hadoop.hive.ql.metadata.Table.getEmptyTable(Table.java:175)
>       at org.apache.hadoop.hive.ql.metadata.Table.<init>(Table.java:117)
>       at 
> org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.addDbAndTabToOutputs(SemanticAnalyzer.java:10302)
>       at 
> org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.analyzeCreateTable(SemanticAnalyzer.java:10198)
>       at 
> org.apache.hadoop.hive.ql.parse.SemanticAnalyzer.analyzeInternal(SemanticAnalyzer.java:9405)
>       at 
> org.apache.hadoop.hive.ql.parse.BaseSemanticAnalyzer.analyze(BaseSemanticAnalyzer.java:208)
>       at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:402)
>       at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:298)
>       at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:992)
>       at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1062)
>       at org.apache.hadoop.hive.ql.Driver.run(Driver.java:929)
>       at org.apache.hadoop.hive.ql.Driver.run(Driver.java:919)
>       at 
> org.apache.hadoop.hive.cli.CliDriver.processLocalCmd(CliDriver.java:246)
>       at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:198)
>       at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:408)
>       at 
> org.apache.hadoop.hive.cli.CliDriver.executeDriver(CliDriver.java:781)
>       at org.apache.hadoop.hive.cli.CliDriver.run(CliDriver.java:675)
>       at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:614)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:606)
>       at org.apache.hadoop.util.RunJar.run(RunJar.java:221)
>       at org.apache.hadoop.util.RunJar.main(RunJar.java:136)
> Caused by: 
> org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
>  Failed to retrieve roles for hrt_qa: Metastore Authorization api invocation 
> for remote metastore is disabled in this configuration.
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLAuthorizationUtils.getPluginException(SQLAuthorizationUtils.java:416)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController.getRolesFromMS(SQLStdHiveAccessController.java:161)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController.initUserRoles(SQLStdHiveAccessController.java:142)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController.<init>(SQLStdHiveAccessController.java:96)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessControllerWrapper.<init>(SQLStdHiveAccessControllerWrapper.java:57)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory.createHiveAuthorizer(SQLStdHiveAuthorizerFactory.java:35)
>       at 
> org.apache.hadoop.hive.ql.session.SessionState.setupAuth(SessionState.java:624)
>       ... 26 more
> Caused by: MetaException(message:Metastore Authorization api invocation for 
> remote metastore is disabled in this configuration.)
>       at 
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_role_grants_for_principal_result$get_role_grants_for_principal_resultStandardScheme.read(ThriftHiveMetastore.java)
>       at 
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_role_grants_for_principal_result$get_role_grants_for_principal_resultStandardScheme.read(ThriftHiveMetastore.java)
>       at 
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_role_grants_for_principal_result.read(ThriftHiveMetastore.java)
>       at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
>       at 
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_role_grants_for_principal(ThriftHiveMetastore.java:3402)
>       at 
> org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_role_grants_for_principal(ThriftHiveMetastore.java:3389)
>       at 
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_role_grants_for_principal(HiveMetaStoreClient.java:1571)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:606)
>       at 
> org.apache.hadoop.hive.metastore.RetryingMetaStoreClient.invoke(RetryingMetaStoreClient.java:90)
>       at com.sun.proxy.$Proxy9.get_role_grants_for_principal(Unknown Source)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController.getRoleGrants(SQLStdHiveAccessController.java:170)
>       at 
> org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAccessController.getRolesFromMS(SQLStdHiveAccessController.java:148)
>       ... 31 more
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (HIVE-8045) SQL standard auth with cli - Errors and configuration issues

Reply via email to