Sentry列访问限制

时间:2018-01-29 02:26:21

标签: hadoop hive mapr apache-sentry

我正在测试sentry以限制角色的列访问权限以访问mapr群集上的hive表中的ssn列。我无法撤消该特定列的访问权限。以下错误消息抱怨ADMIN_role不存在。我已验证我的策略文件管理员角色确实存在。请告知我是否遗漏了任何内容。

beeline> !connect jdbc:hive2://10.20.30.195:10000 mapr mapr
Connecting to jdbc:hive2://10.20.30.195:10000
Connected to: Apache Hive (version 2.1.1-mapr-1710)
Driver: Hive JDBC (version 2.1.1-mapr-1710)
18/01/28 13:41:31 [main]: WARN jdbc.HiveConnection: Request to set 
autoCommit to false; Hive does not support autoCommit=false.
Transaction isolation: TRANSACTION_REPEATABLE_READ
0: jdbc:hive2://10.20.30.195:10000> REVOKE SELECT(ssn) ON TABLE 
db3.employee FROM ROLE managers_role;
Error: Error while processing statement: FAILED: Execution Error, 
return code 1 from 
org.apache.hadoop.hive.ql.exec.SentryFilterDDLTask. Error when 
sentryClient grant/revoke privilege:Privilege: [ 
server=psnode195.ps.lab,db=db3,table=employee,URI=,action=SELECT] 
doesn't exist.. Server Stacktrace: 
org.apache.sentry.provider.db.SentryNoSuchObjectException: Role: 
managers_role doesn't exist
existatorg.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivilegeCore(SentryStore.java:541)
at org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleRevokePrivileges(SentryStore.java:519)
at org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_revoke_privilege(SentryPolicyStoreProcessor.java:345)
at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1073)
at org.apache.sentry.provider.db.service.thrift.SentryPolicyService$Processor$alter_sentry_role_revoke_privilege.getResult(SentryPolicyService.java:1058)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.sentry.provider.db.service.thrift.SentryProcessorWrapper.process(SentryProcessorWrapper.java:35)
at org.apache.thrift.TMultiplexedProcessor.process(TMultiplexedProcessor.java:123)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:285)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748) (state=08S01,code=1)

0 个答案:

没有答案