4

I have data in an encrypted zone in HDFS. I can read data with hive user, but when I create a hive table and try to query it via beeline I get this exception:

Error: java.io.IOException: java.io.IOException: No KeyProvider is configured, cannot access an encrypted file (state=,code=0)

Does anyone know what's wrong? I'm using HDP 2.4.

facha
  • 11,862
  • 14
  • 59
  • 82
  • Where is the location of the table are you accessing? Is it in the warehouse? Is warehouse inside encryption zone? Does your hive user has an access to the key of the encrypted zone? – Alex Mar 08 '17 at 18:17
  • I've tried creating a table both as managed and external table. Neither worked. Hive user has access to the key. I've set all possible permissions for hive in ranger kms. I think this is not an issue since I'm able to read data from encrypted zone with hive user using hdfs dfs commands. – facha Mar 08 '17 at 18:34

1 Answers1

0

Not entirely sure if this was the issue (you seem to have run into it a few years ago), but it is important to understand the following:

Hive data is stored on HDFS

However, the security policies for HDFS and Hive may be different.

In fact it is recommended that you do NOT give hdfs level permissions to anyone for the warehouse directory, and use ranger to give out permissions on the SQL level only to the databases and tables which live there.

As a result you might have been comparing apples to pears (trying to validate access by doing a hdfs read, and then using beeline to do a table read which goes via different security policies).

Dennis Jaheruddin
  • 21,208
  • 8
  • 66
  • 122