Presto error in Superset
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	cchen
	Oct 8 2021, 10:15 PM

Description

@JAnstee_WMF ran into this error Presto permission denied error when using the editor dashboard in Superset.

screenshot-superset.wikimedia.org-2021.10.04-13_54_36.png (4×2 px, 1019 KB)

Also when trying to preview mediawiki_user_groups

screenshot-superset.wikimedia.org-2021.10.12-12_50_41.png (991×1 px, 474 KB)

According to https://phabricator.wikimedia.org/T266249, she's already in the analytics-privatedata-users group.

Related Objects

Mentioned Here: T298647: Fix the LDAP integration and Superset user account creation.
T266249: Requesting access to production shell groups for JAnstee

Event Timeline

cchen created this task.Oct 8 2021, 10:15 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 8 2021, 10:15 PM

JAnstee_WMF updated the task description. (Show Details)Oct 12 2021, 7:53 PM

odimitrijevic assigned this task to • razzi.Oct 18 2021, 4:44 PM

odimitrijevic triaged this task as High priority.

odimitrijevic moved this task from Incoming to Ops Week on the Analytics board.

• razzi added a project: User-razzi.Oct 19 2021, 4:28 PM

Hi @JAnstee_WMF, that is a strange error indeed! As far as I can tell you have all the right permissions.

I can't reproduce from here. Can you ping me on IRC or on Slack and we can try and troubleshoot real time?

Thanks!

odimitrijevic added projects: Data-Engineering, Data-Engineering-Kanban.Nov 4 2021, 2:43 PM

odimitrijevic moved this task from Incoming to Visualize on the Data-Engineering board.Nov 4 2021, 4:45 PM

BTullis added a subscriber: BTullis.Nov 4 2021, 4:46 PM

Weird! Okay, Jaime's account entry in the superset database was incorrect, and specifically, her username was her LDAP CommonName instead of her lowercase only shell username, which caused authentication with HDFS to fail. I edited her user account and fixed her records, and now it works for her.

I think her account was created way before we had the CAS based single sign on, and the LDAP integration was a bit iffy. There are a lot of other superset accounts that look weird too (e.g. have email address @email.notfound or Last Name '-'). Most of these have lowercase shell names, so probably just work, but many don't.

@razzi, let's be on the lookout for other issues like this, its possible others have this problem too.

Ottomata moved this task from Next Up to Done on the Data-Engineering-Kanban board.Nov 16 2021, 7:33 PM

Thanks again, @Ottomata!

I think that we should either 1) make another ticket or 2) re-title this ticket to follow this up by fixing the LDAP integration and Superset user account creation.

For new users, myself included, the account created in Superset is missing information. I have since corrected my own record.

The lower case ldap username that is used for successful authentication ends up being put into the First Name field, as well as the User Name field of the newly created account.
It is also used for the first part of the amail address. It should only be used for the User Name field.

See the following screenshot for examples:

I think that it would be a significant improvement for Superset to:

Get this LDAP record -> User record mapping working again
Check and fix the existing Superset user records

Yeah a new task maybe makes sense.

Opened https://phabricator.wikimedia.org/T298647 as followup task.

odimitrijevic closed this task as Resolved.Jan 5 2022, 6:32 PM

	F34686456: screenshot-superset.wikimedia.org-2021.10.12-12_50_41.png
	Oct 12 2021, 7:53 PM

	F34679668: screenshot-superset.wikimedia.org-2021.10.04-13_54_36.png
	Oct 8 2021, 10:15 PM

	F34761739: image.png
	Nov 22 2021, 2:55 PM

Presto error in SupersetClosed, ResolvedPublicActions

Description

Related Objects

Event Timeline

Presto error in Superset
Closed, ResolvedPublic
Actions