Permission denied: user=rangerlookup Ranger配置hive 插件报错解决
文章目录
一、Ranger测试连接hivedev报错如下
org.apache.ranger.plugin.client.HadoopException: listFilesInternal: Unable to get listing of files for directory /null] from Hadoop environment [hadoopdev]..
org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException: Permission denied: user=rangerlookup, access=READ_EXECUTE, inode="/"
期间尝试重启,换版本都未解决
二、解决思路查看Rangeradmin日志
日志位置/ews/logs/
看到如下报错
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:345) - Request failed. loginId=hive, logMessage=User doesn't have permission to download UserGroupRoles
日志可以看出是Ranger配置没有问题,是下载策略没有权限
三、解决方法
3.1 解决方式一
更改hive用户为admin角色
如果不给hivea dmin权限ranger是下载不了策略的报错如下
org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:345) - Request failed. loginId=hive, logMessage=User doesn't have permission to download UserGroupRoles
3.2 解决方法二
授权下载策略用户为hive
打开ranger
加入如下配置
policy.download.auth.users hive