Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Incomplete
-
2.2.0
-
None
Description
Spark thrift server can not impersonate user in kerberos environment.
I launch spark thrift server in* yarn-client mode by user *hive ,which is allowed to impersonate other user.
User* jt_jzyx_project7* submit sql statement to query its own table located in hdfs catalog: /user/jt_jzyx_project7, and happened errors:
Permission denied: user=hive, access=EXECUTE, inode="/user/jt_jzyx_project7":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
obviously, spark thrift server didn't proxy user: jt_jzyx_project7 in hdfs.
And this happened task stage, which means it pass the hive authorization.