Ok yes when I enter dale into the Ranger policy then the databases are returned!
However the “Test Connection” still fails. Is that ok? I notice there aren’t any Kerberos properties in the set up. Maybe it requires some additional properties from the hive-site.xml? Thanks. From: Selvamohan Neethiraj [mailto:sneethi...@hortonworks.com] On Behalf Of Selvamohan Neethiraj Sent: 15 June 2016 18:40 To: user@ranger.incubator.apache.org Subject: Re: Hive Plugin - Unable to execute SQL [show databases like "*" Hi Dale, Do you have any ranger policy granting permission for any database/table/column objects for dale ? You need some permission on database to be able to list the database using ‘SHOW DATABASES’ command. Please add a policy to grant permission to VIEW some table in the default database and see if the error goes away …. Thanks, Selva- From: Dale Bradman <da...@profusion.com<mailto:da...@profusion.com>> Reply-To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Date: Wednesday, June 15, 2016 at 1:07 PM To: "user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>" <user@ranger.incubator.apache.org<mailto:user@ranger.incubator.apache.org>> Subject: Hive Plugin - Unable to execute SQL [show databases like "*" Trying to configure the HIVE plugin for Kerberised, HA, HDP 2.4.2. Advanced ranger-hive-plugin-properties: Ranger repository config user = rangerrepouser@AD.EXAMPLE<mailto:rangerrepouser@AD.EXAMPLE> Ranger repository config password = password common.name.for.certificate = jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver Policy user for HIVE = ambari-qa Ranger Hive pluging configs: Username = rangerrepouser@MAILTRACK.LOCAL<mailto:rangerrepouser@MAILTRACK.LOCAL> Password = password jdbc.driverClassName= org.apache.hive.jdbc.HiveDriver jdbc.url = jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE<mailto:principal=hive/hdpmaster01@AD.EXAMPLE> 2016-06-15 17:47:01,270 [timed-executor-pool-0] INFO org.apache.ranger.plugin.client.BaseClient (BaseClient.java:100) - Init Login: using username/password 2016-06-15 17:47:01,377 [timed-executor-pool-0] INFO apache.ranger.services.hive.client.HiveClient (HiveClient.java:66) - Secured Mode: JDBC Connection done with preAuthenticated Subject 2016-06-15 17:47:01,492 [timed-executor-pool-0] ERROR apache.ranger.services.hive.client.HiveResourceMgr (HiveResourceMgr.java:51) - <== HiveResourceMgr.testConnection Error: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]. 2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.services.hive.RangerServiceHive (RangerServiceHive.java:58) - <== RangerServiceHive.validateConfig Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]. 2016-06-15 17:47:01,493 [timed-executor-pool-0] ERROR org.apache.ranger.biz.ServiceMgr$TimedCallable (ServiceMgr.java:434) - TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]. 2016-06-15 17:47:01,494 [http-bio-6080-exec-12] ERROR org.apache.ranger.biz.ServiceMgr (ServiceMgr.java:120) - ==> ServiceMgr.validateConfig Error:java.util.concurrent.ExecutionException: org.apache.ranger.plugin.client.HadoopException: Unable to execute SQL [show databases like "*"]. I can successfully connect to beeline using: $ beeline -u 'jdbc:hive2://hdpmaster01:10000/default;principal=hive/hdpmaster01@AD.EXAMPLE<mailto:principal=hive/hdpmaster01@AD.EXAMPLE>’ But then if I do ‘SHOW DATABASES’, I see the following error: Error: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [dale] does not have [USE] privilege on [null] (state=42000,code=40000) Any ideas how to get this working? Thanks, Dale
