Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5355

Sentry Privileges and roles updated in the wrong order on impala restart

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • Impala 2.3.0, Impala 2.5.0, Impala 2.4.0, Impala 2.6.0, Impala 2.7.0, Impala 2.8.0
    • Impala 2.10.0
    • Catalog
    • None
    • ghx-label-8

    Description

      1) Login as 'hive' (cdep_global_admin), and run below query to update this role:
      >grant role cdep_global_admin to group abc;

      2. 2) now restart any Impala daemons (but do not restart Catalog), still login as 'hive', we got authorization errors:
      [anuj.gce.cloudera.com:21000] > show tables;
      Query: show tables
      ERROR: AuthorizationException: User 'hive@GCE.CLOUDERA.COM' does not have privileges to access: default.

      This error gets printed when role is null.
      https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/ImpaladCatalog.java#L271

      https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java#L123

      Attachments

        Issue Links

          Activity

            People

              tarasbob Taras Bobrovytsky
              anujphadke Anuj Phadke
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: