This article discusses an issue where granting permissions to roles for Spark applications results in a syntax error.
- DataStax Enterprise 5.1 (or later)
Attempts to grant DSE Resource Manager permissions in
cqlsh fails. For example:
cqlsh> GRANT EXECUTE ON REMOTE OBJECT DseResourceManager TO role_spark; SyntaxException: Resource type RpcResource does not support any of the requested permissions
cqlsh> GRANT ALL ON REMOTE OBJECT DseResourceManager TO role_spark; InvalidRequest: Error from server: code=2200 [Invalid query] message="Resource <rpc object DseResourceManager> doesn't exist"
One of the new security features in DSE 5.1 is role-based access control (RBAC). When DSE Unified Authentication and Authorization is enabled, extra steps are required to grant access to database resources. Roles need to be authorized to access the DSE Resource Manager and run Spark applications.
Database resources such as
DseResourceManager are exclusive to DSE nodes running in Analytics mode. DSE nodes running in pure-Cassandra and/or Search mode do not have knowledge of Analytics resources and so cannot grant permissions to these database resources.
When granting Spark application permissions, logon to a node running in Analytics mode. This will allow a superuser to authorise access via