Updated on 2024-11-29 GMT+08:00

Why Do Ranger Authentication and ACL Authentication Fail?

Question

The following errors are reported during query or table creation:

  1. Failed to use Ranger authentication.
    org.apache.ranger.authorization.spark.authorizer.SparkAccessControlException: Permission denied: user [username] does not have [SELECT] privilege on [databasename/tablename] 
  2. Failed to use ACL authentication.
    org.apache.hadoop.security.AccessControlException: Permission denied 

Causes

  1. No user permissions are configured for the authentication mode.
  2. The permission was configured for one authentication mode, but the other mode is the one in use: ACL authentication is used after the Ranger access permission policy for Spark is added, or Ranger authentication is used after the ACL access permission policy is added.

Solution

  1. Check the current authentication mode.

    View the parameters.

    Method 1: Check the spark.ranger.plugin.authorization.enable value in the spark-defaults.conf configuration file. true indicates that Ranger authentication is used, and false indicates that ACL authentication is used.

    Method 2: Run the set spark.ranger.plugin.authorization.enable command in the Spark application. If the command output is true, Ranger authentication is used. If the command output is false, ACL authentication is used.

  2. Configure the access permission policy.

    For details about the Ranger access permission policy, see Adding a Ranger Access Permission Policy for Spark.

    For details about the ACL access permission policy, see SparkSQL Permission Management (Security Mode).
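
The two solution steps can be scripted as a quick triage. The following is an added example, not code from the product documentation: it reads the parameter from the text of spark-defaults.conf (Method 1), identifies which mode raised the error from the exception class, and names the policy page to follow. The function names, the sample configuration and the handling of a missing parameter (reported as unknown) are assumptions made for illustration.

```python
import re

PARAM = "spark.ranger.plugin.authorization.enable"  # parameter named on this page

# Exception classes quoted in the Question section, mapped to the mode that raised them.
ERROR_MODE = {
    "org.apache.ranger.authorization.spark.authorizer.SparkAccessControlException": "ranger",
    "org.apache.hadoop.security.AccessControlException": "acl",
}
# Policy pages referenced in step 2 of the Solution.
POLICY_DOC = {
    "ranger": "Adding a Ranger Access Permission Policy for Spark",
    "acl": "SparkSQL Permission Management (Security Mode)",
}

def configured_mode(conf_text):
    """Return 'ranger' (true), 'acl' (false), or None if absent or not true/false."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":  # skip blank lines and comments
            continue
        # Accept whitespace, '=' or ':' between key and value.
        parts = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)
        if parts[0] == PARAM and len(parts) == 2:
            value = parts[1].strip().lower()  # the last occurrence is kept
    return {"true": "ranger", "false": "acl"}.get(value)

def triage(conf_text, error_line):
    """Compare the configured mode with the mode that produced the error."""
    mode = configured_mode(conf_text)
    raised_by = next((m for cls, m in ERROR_MODE.items() if cls in error_line), None)
    return {
        "configured_mode": mode,
        "error_raised_by": raised_by,
        # False means the file does not explain the error: confirm with Method 2.
        "consistent": mode is not None and mode == raised_by,
        "policy_doc": POLICY_DOC.get(raised_by or mode),
    }

# Constructed sample input (not taken from a real cluster).
SAMPLE_CONF = """# constructed example
spark.master                              yarn
#spark.ranger.plugin.authorization.enable false
spark.ranger.plugin.authorization.enable  true
"""
SAMPLE_ERROR = ("org.apache.ranger.authorization.spark.authorizer.SparkAccessControlException: "
                "Permission denied: user [username] does not have [SELECT] privilege on "
                "[databasename/tablename]")

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_ERROR))
```

If consistent is False, the file that was read does not match the mode that rejected the request, so check the value with Method 2 inside the Spark application before editing any policy.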