Ming Zhu created RANGER-3188:
--------------------------------
Summary: HiveServer log showed Authentication Failed
Key: RANGER-3188
URL: https://issues.apache.org/jira/browse/RANGER-3188
Project: Ranger
Issue Type: Bug
Components: Ranger
Affects Versions: 2.1.0
Environment: Hive Version: 3.1.2
Ranger: 2.1
os: centos
Reporter: Ming Zhu
When I create a table on AWS EMR 6.2 which shows the following error message.
But eventually create success.
Although does not affect the use but I really want to know why.:)
2021-02-24T06:14:41,059 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5
HiveServer2-Handler-Pool: Thread-103([])]: client.RangerAdminRESTClient
(RangerAdminRESTClient.java:getUserRoles(434)) - getUserRoles() failed: HTTP
status=401, message=Authentication Failed, isSecure=false
2021-02-24T06:14:41,078 ERROR [925310d9-d40a-437a-af54-eeec38b2c8d5
HiveServer2-Handler-Pool: Thread-103([])]: authorizer.RangerHiveAuthorizer
(RangerHiveAuthorizer.java:initUserRoles(322)) - Error while fetching roles
from ranger for user : hadoop
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAuthzPluginException:
org.apache.hadoop.security.AccessControlException: Permission denied.
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:365)
~[ranger-hive-plugin-2.1.0.jar:2.1.0]
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.initUserRoles(RangerHiveAuthorizer.java:320)
[ranger-hive-plugin-2.1.0.jar:2.1.0]
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoles(RangerHiveAuthorizer.java:329)
[ranger-hive-plugin-2.1.0.jar:2.1.0]
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:785)
[ranger-hive-plugin-2.1.0.jar:2.1.0]
at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1307)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1071)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:698)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1826)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1773)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1768)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:260)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.hive.service.cli.operation.Operation.run(Operation.java:247)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:541)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.session.HiveSessionImpl.executeStatement(HiveSessionImpl.java:516)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_272]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_272]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_272]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_272]
at
org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_272]
at javax.security.auth.Subject.doAs(Subject.java:422) [?:1.8.0_272]
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
[hadoop-common-3.2.1-amzn-2.jar:?]
at
org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at com.sun.proxy.$Proxy68.executeStatement(Unknown Source) [?:?]
at
org.apache.hive.service.cli.CLIService.executeStatement(CLIService.java:282)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:563)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:56)
[hive-service-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:286)
[hive-exec-3.1.2-amzn-3.jar:3.1.2-amzn-3]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
[?:1.8.0_272]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
[?:1.8.0_272]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]
Caused by: org.apache.hadoop.security.AccessControlException: Permission denied.
at
org.apache.ranger.admin.client.RangerAdminRESTClient.getUserRoles(RangerAdminRESTClient.java:437)
~[?:?]
at
org.apache.ranger.plugin.service.RangerBasePlugin.getUserRoles(RangerBasePlugin.java:489)
~[?:?]
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.getCurrentRoleNamesFromRanger(RangerHiveAuthorizer.java:351)
~[?:?]
... 38 more
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
