Details
Description
Apache Ranger is framework for providing security and authorization in hadoop platform.
Impala can also utilize apache ranger via ranger hive policy.
The thing is that insert or some other query is not executed even If you enable ranger hdfs plugin and set proper allow condition for impala query excuting.
you can see error log like below.
AnalysisException: Unable to INSERT into target table (testdb.testtable) because Impala does not have WRITE access to HDFS location: hdfs://testcluster/warehouse/testdb.db/testtable
This happens when ranger hdfs plugin is enabled but impala doesn't have permission for hdfs POSIX permission.
For example, In the case that DB file owner, group and permission is set as hdfs:hdfs r-xr-xr-- and ranger plugin policy(hdfs, hive and impala) allows impala to execute query, Insert Query will be fail.
In my opinion, The main cause is impala fe component doesn't check ranger policy but hdfs POSIX model permissions.
Similar issue : https://issues.apache.org/jira/browse/IMPALA-10272
I'm working on resolving this issue by adding hdfs ranger policy checking code.
Attachments
Issue Links
- duplicates
-
IMPALA-11871 INSERT statement does not respect Ranger policies for HDFS
- Resolved
- relates to
-
IMPALA-10272 LOAD DATA should respect Ranger-HDFS policies
- Resolved
- links to