Reputation: 111
Presto - Ranger Issue with Hive Connector
We have a Presto(Version - 323-E.8) connector with Ranger enabled CDP Hive3 cluster where I'm able to run the select query on existing Hive ORC foramatted tables but couldn't create or delete any views on Hive metastore. It's throwing permissions issue error and my admin has granted all the permissions to the user from Ranger & AD and I'm able to perform all the operations from beeline with same user on the server. Hive Properties:
*connector.name=hive-hadoop2
hive.metastore.uri=thrift://XXXXX
hive.views-execution.enabled=true
hive.metastore.authentication.type=KERBEROS
hive.metastore.service.principal=hive/_HOST@XXXX
hive.metastore.client.principal=XXXXX
hive.metastore.client.keytab=/abc/xxxx.keytab
hive.hdfs.wire-encryption.enabled=false
hive.metastore.thrift.impersonation.enabled=true
hive.config.resources=/etc/cdp/core-site.xml,/etc/cdp/hdfs-site.xml,/etc/cdp/hive-site.xml
hive.hdfs.authentication.type=KERBEROS
hive.hdfs.presto.principal=hdfs/_HOST@XXXXX
hive.hdfs.presto.principal=XXXX
hive.hdfs.presto.keytab=/abc/xxxx.keytab
hive.security=ranger
ranger.policy-rest-url=https://XXXXX:6182
ranger.service-name=cm_hive
ranger.authentication-type=KERBEROS
ranger.kerberos-principal=XXXX
ranger.kerberos-keytab=/abc/xxxx.keytab
ranger.plugin-policy-ssl-config-file=/abc/ssl-client.xml*
Error: io.prestosql.spi.PrestoException: Operation type CREATE_VIEW not allowed for user:XXXXX at io.prestosql.plugin.hive.metastore.thrift.ThriftHiveMetastore.createTable(ThriftHiveMetastore.java:1036) at io.prestosql.plugin.hive.metastore.thrift.BridgingHiveMetastore.createTable(BridgingHiveMetastore.java:184) at io.prestosql.plugin.hive.metastore.cache.CachingHiveMetastore.createTable(CachingHiveMetastore.java:524) at io.prestosql.plugin.hive.metastore.cache.CachingHiveMetastore.createTable(CachingHiveMetastore.java:524) at io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore$CreateTableOperation.run(SemiTransactionalHiveMetastore.java:2692) at io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore$Committer.executeAddTableOperations(SemiTransactionalHiveMetastore.java:1668) at io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore$Committer.access$1000(SemiTransactionalHiveMetastore.java:1282) at io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore.commitShared(SemiTransactionalHiveMetastore.java:1225) at io.prestosql.plugin.hive.metastore.SemiTransactionalHiveMetastore.commit(SemiTransactionalHiveMetastore.java:991) at io.prestosql.plugin.hive.HiveMetadata.commit(HiveMetadata.java:2408) at io.prestosql.plugin.hive.HiveConnector.commit(HiveConnector.java:202) at io.prestosql.transaction.InMemoryTransactionManager$TransactionMetadata$ConnectorTransactionMetadata.commit(InMemoryTransactionManager.java:595) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:125) at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:57) at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:78) at io.airlift.concurrent.BoundedExecutor.drainQueue(BoundedExecutor.java:78) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.apache.hadoop.hive.metastore.api.MetaException: Operation type CREATE_VIEW not allowed for user:XXXXX at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$create_table_result$create_table_resultStandardScheme.read(ThriftHiveMetastore.java:52658) at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$create_table_result$create_table_resultStandardScheme.read(ThriftHiveMetastore.java:52626) at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$create_table_result.read(ThriftHiveMetastore.java:52552) at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:86) at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_create_table(ThriftHiveMetastore.java:1490) at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.create_table(ThriftHiveMetastore.java:1477) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at io.prestosql.plugin.base.util.LoggingInvocationHandler.handleInvocation(LoggingInvocationHandler.java:60) at com.google.common.reflect.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:86) at com.sun.proxy.$Proxy370.create_table(Unknown Source) at io.prestosql.plugin.hive.metastore.thrift.ThriftHiveMetastoreClient.createTable(ThriftHiveMetastoreClient.java:161) at io.prestosql.plugin.hive.metastore.thrift.ThriftHiveMetastore.lambda$createTable$51(ThriftHiveMetastore.java:1024) at io.prestosql.plugin.hive.metastore.thrift.ThriftMetastoreApiStats.lambda$wrap$0(ThriftMetastoreApiStats.java:42) at io.prestosql.plugin.hive.util.RetryDriver.run(RetryDriver.java:130) at io.prestosql.plugin.hive.metastore.thrift.ThriftHiveMetastore.createTable(ThriftHiveMetastore.java:1022) ... 19 more
Upvotes: 0
Views: 1386
Answers (0)
Related Questions
- connecting both hive & cassandra to presto at same time
- Presto server fails to start with hive catalog
- presto + Hive Security Configuration
- Presto integration with hive is not working
- Hive standalone metastore: can connect from Presto, not from Beeline
- Presto and Hive
- Error Launching Presto Server while trying to access Hive
- Presto can't fetch content in HIVE table
- presto hive metastore connections
- Presto query fails to insert data into Hive