Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Description
How to reproduce the issue:
1. Assume Sentry HDFS Sync is enabled.
2. Create a Sentry admin user and grant the correct group and server-level access for this user:
GRANT ALL ON SERVER serve1 TO ROLE ericlin;
3. Confirmed that the new user can access all databases and tables, including READ and WRITE
4. Run the following simple HDFS commands:
hadoop fs -mkdir /user/hive/warehouse/ericlin
mkdir: Permission denied: user=ericlin, access=WRITE, inode="/user/hive/warehouse":hive:hive:drwxrwx--x
hadoop fs -ls /user/hive/warehouse/
ls: Permission denied: user=ericlin, access=READ_EXECUTE, inode="/user/hive/warehouse":hive:hive:drwxrwx--x
Same for other databases:
hadoop fs -ls /user/hive/warehouse/test.db
ls: Permission denied: user=ericlin, access=READ_EXECUTE, inode="/user/hive/warehouse/test.db":hive:hive:drwxrwx--x
getfacl shows the new user has no access to the warehouse directory:
hadoop fs -getfacl /user/hive/warehouse
# file: /user/hive/warehouse
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
mask::rwx
other::--x
The only way is to grant database or table permissions for the admin user.
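An added example, not part of the original report: a shell helper (hypothetical name `acl_allows`) that evaluates `getfacl` output in the order HDFS checks access ACL entries (owner, named user, matching groups filtered by the mask, then other), run against the ACL quoted above. The group list passed for each user is an assumption, since the report does not show group membership.

```shell
# Constructed sample: the getfacl output quoted in the report.
SAMPLE_ACL='# file: /user/hive/warehouse
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
mask::rwx
other::--x'

# acl_allows USER GROUPS WANT  (hypothetical helper; getfacl text on stdin)
# GROUPS is comma-separated; WANT is an rwx triple such as r-x or -w-.
# Exit status 0 if the access ACL grants every bit in WANT, 1 otherwise.
acl_allows() {
  awk -v user="$1" -v groups="$2" -v want="$3" '
    function has(perm, need,   i, c) {   # perm contains every bit of need?
      for (i = 1; i <= 3; i++) {
        c = substr(need, i, 1)
        if (c != "-" && substr(perm, i, 1) != c) return 0
      }
      return 1
    }
    function masked(perm,   i, out) {    # filter a named/group entry by mask
      if (mask == "") return perm
      for (i = 1; i <= 3; i++)
        out = out (substr(mask, i, 1) == "-" ? "-" : substr(perm, i, 1))
      return out
    }
    /^# owner: / { owner = $3; next }
    /^# group: / { ogroup = $3; next }
    /^#/ || /^default:/ || NF == 0 { next }
    { split($1, f, ":"); n++; t[n] = f[1]; nm[n] = f[2]; p[n] = f[3]
      if (f[1] == "mask") mask = f[3] }
    END {
      ng = split(groups, g, ","); for (i = 1; i <= ng; i++) member[g[i]] = 1
      for (i = 1; i <= n; i++) {
        if (t[i] == "user" && nm[i] == "") operm = p[i]
        else if (t[i] == "user" && nm[i] == user) { named = 1; uperm = p[i] }
        else if (t[i] == "group" && ((nm[i] == "" ? ogroup : nm[i]) in member)) {
          ingroup = 1; if (has(masked(p[i]), want)) gok = 1 }
        else if (t[i] == "other") other = p[i]
      }
      if (user == owner) exit !has(operm, want)
      if (named)         exit !has(masked(uperm), want)
      if (ingroup)       exit !gok
      exit !has(other, want)
    }'
}
```

With the sample ACL, `ericlin` matches no user or group entry and falls through to `other::--x`, which is consistent with the `READ_EXECUTE` and `WRITE` denials shown in step 4.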