Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-5355

Sentry Privileges and roles updated in the wrong order on impala restart

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: Impala 2.3.0, Impala 2.5.0, Impala 2.4.0, Impala 2.6.0, Impala 2.7.0, Impala 2.8.0
    • Fix Version/s: Impala 2.10.0
    • Component/s: Catalog
    • Labels:
      None
    • Epic Color:
      ghx-label-8

      Description

      1) Login as 'hive' (cdep_global_admin), and run below query to update this role:
      >grant role cdep_global_admin to group abc;

      2. 2) now restart any Impala daemons (but do not restart Catalog), still login as 'hive', we got authorization errors:
      [anuj.gce.cloudera.com:21000] > show tables;
      Query: show tables
      ERROR: AuthorizationException: User 'hive@GCE.CLOUDERA.COM' does not have privileges to access: default.

      This error gets printed when role is null.
      https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/ImpaladCatalog.java#L271

      https://github.com/apache/incubator-impala/blob/master/fe/src/main/java/org/apache/impala/catalog/AuthorizationPolicy.java#L123

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tarasbob Taras Bobrovytsky
                Reporter:
                anujphadke Anuj Phadke
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: