Details
-
Bug
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
Impala 2.1, Impala 2.2, Impala 2.3.0
-
None
-
None
Description
Create a directory with upper case then grant all URI permission to a role, then try to create table and set location to a subdir under the URI via Impala. create table will fail with ERROR: AuthorizationException: User 'systest@HALXG.CLOUDERA.COM' does not have privileges to access: hdfs://c2302.halxg.cloudera.com:8020/tmp/ABC/hh
step to reproduce:
sudo -u hdfs hdfs dfs -mkdir /tmp/ABC/hh grant all on URI '/tmp/ABC' to role test_sentry; create external table test(col int) location '/tmp/ABC/hh';
Catalog is actually storing a lower cased version of uri when doing a grant. And also sending a lower cased version of uri when requesting privileges from Sentry. So looks like two things have to be fixed in Impala
1) Role.java -> Change cache to case sensitive for privilege map.
2) RolePrivilege.java -> URIs should not be lower cased: http://github.mtv.cloudera.com/CDH/Impala/blob/cdh5-trunk/fe/src/main/java/com/cloudera/impala/catalog/RolePrivilege.java#L104