User hdfs not allowed to do DECRYPT EEK on key

0 votes

hi Team,

I was using hadoop cli command below is my command in HA ranger kms environment

sudo -u hdfs hadoop distcp /tmp /zone1

Caused by: org.apache.hadoop.security.authorize.AuthorizationException: User:hdfs not allowed to do 'DECRYPT_EEK' on 'key'.

I added the policy as well for user hdfs .

I added policy as well.What i am missing.i came across different blog everyone talks abt  adding policy.i added but its nt helping me .Please pour suggestion.

Nov 19, 2020 in Big Data Hadoop by Shilpa S
• 450 points

edited Nov 19, 2020 by Shilpa S 231 views

1 answer to this question.

0 votes
Best answer

Hi@Shilpa,

I don't think you have given permission to HDFS user. You need to add an HDFS user in Ranger KMS for the given policy and provide appropriate permission.

answered Nov 20, 2020 by MD
• 95,160 points

selected Nov 21, 2020 by Shilpa S