[IMPALA-5355] Sentry Privileges and roles updated in the wrong order on impala restart - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: Impala 2.3.0, Impala 2.5.0, Impala 2.4.0, Impala 2.6.0, Impala 2.7.0, Impala 2.8.0
Fix Version/s: Impala 2.10.0
Component/s: Catalog
Labels:
None

Epic Color:
ghx-label-8

Description

1) Login as 'hive' (cdep_global_admin), and run below query to update this role:
>grant role cdep_global_admin to group abc;

2. 2) now restart any Impala daemons (but do not restart Catalog), still login as 'hive', we got authorization errors:
[anuj.gce.cloudera.com:21000] > show tables;
Query: show tables
ERROR: AuthorizationException: User 'hive@GCE.CLOUDERA.COM' does not have privileges to access: default.

This error gets printed when role is null.
https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/ImpaladCatalog.java#L271

https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java#L123

Attachments

Issue Links

breaks

IMPALA-5469 IllegalStateException while processing catalog update in the Impalad

Resolved

Activity

People

Assignee:: Taras Bobrovytsky

Reporter:: Anuj Phadke

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 24/May/17 00:06

Updated:: 14/Jun/17 16:20

Resolved:: 07/Jun/17 21:25