Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
Impala 2.2, Impala 2.3.0, Impala 2.5.0, Impala 2.4.0, Impala 2.6.0
-
None
Description
Currently we use the OS username which spawns the catalog process to interact with Sentry [1]. In kerberized clusters, this should be extracted from the principal. In most CM managed clusters, this shouldn't matter, as both the usernames are same. However some setups may not choose to use this default config.
Workaround: Grant the OS username the required super user permissions till this is fixed.
<property> <name>hadoop.user.group.static.mapping.overrides</name> <value><username>=<SENTRY_ADMIN_GROUP></value> </property>