[
https://issues.apache.org/jira/browse/RANGER-1865?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16226212#comment-16226212
]
chuanjie.duan commented on RANGER-1865:
---------------------------------------
It is a external table, but i dont think it about permission, it hasnt done
authentication(I mean login). No login and cannot access namenode, so popup
error(ConnectException: Call From hostname/ipaddress to hiveserver host:9000
failed on connection exception). Futhermore, my hive table partition's location
is user home dir, so the user should have right hdfs permission.
> hive plugin alter table add partition failed HiveAccessControlException
> Permission denied: user does not have [READ] privilege on location
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-1865
> URL: https://issues.apache.org/jira/browse/RANGER-1865
> Project: Ranger
> Issue Type: Bug
> Components: plugins
> Affects Versions: 0.6.3
> Reporter: chuanjie.duan
> Priority: Critical
> Labels: hive-agent
> Attachments: RANGER-1865.patch
>
>
> hive execute insert sql:alter table tablename add if not exists
> partition(yyyymmdd='20170911',ds='rcc_02') location
> 'hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02'
> Client Log:
> org.apache.hive.service.cli.HiveSQLException: Error while compiling
> statement: FAILED: HiveAccessControlException Permission denied: user
> [username] does not have [READ] privilege on
> [hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02]
> Hiveserver Log:
> 017-10-27 16:53:26,929 ERROR [HiveServer2-Handler-Pool: Thread-43]:
> authorizer.RangerHiveAuthorizer
> (RangerHiveAuthorizer.java:isURIAccessAllowed(1034)) - Error getting
> permissions for hdfs://xxxx/yyyymmdd=20170911/ds=rcc_02
> java.net.ConnectException: Call From hostname/ipaddress to hiveserver
> host:9000 failed on connection exception: java.net.ConnectException:
> Connection refused; For more details see:
> http://wiki.apache.org/hadoop/ConnectionRefused
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
> at org.apache.hadoop.net.NetUtils.wrapWithMessage(NetUtils.java:792)
> at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:732)
> at org.apache.hadoop.ipc.Client.call(Client.java:1480)
> at org.apache.hadoop.ipc.Client.call(Client.java:1407)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:229)
> at com.sun.proxy.$Proxy12.getFileInfo(Unknown Source)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:771)
> at sun.reflect.GeneratedMethodAccessor10.invoke(Unknown Source)
> Cause:
> Hive security enabled kerberos, hive plugin access hdfs should do
> authentication first.
>
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
