Currently SentryAuthorizationProvider rejects setter calls to Sentry-managed paths, and issue an error message when enabled.
There are two issues:
1. When creating a file or dir, the parent dir's group will be set to the newly created file/dir, this is supposed to be logged to fsimage in-memory representation, but because the rejection of Sentry, it's not.
2. (as an example) When user issue a setOwner call via the following RPC:
Two calls are executed in the deep stack:
The first call is the one gets rejected by Sentry, however, the second one still updates the entry to Edit log. This would indicate an inconsistency between in-memory representation of the attribute and what's recorded on edit log.
Creating this jira to make SentryAuthorizationProvider always fallthrough to write to HDFS, and issue a warning msg when it "rejects" (for Sentry-managed paths).