You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sentry.apache.org by zhiyu zeng <le...@gmail.com> on 2020/03/15 05:20:50 UTC

When Sentry sync is turned on, Hdfs access via java client prompts no permissions

Hi

Thank you for viewing my question and hope to get reply.


Enviroment：

CDH6.1.1

Sentry: 2.1.0+cdh6.1.1

user、user group、role：zhi_user、zhi_group、zhi_role


I created a external table, then load data into it. The file directory on
hdfs is /user/hive/warehouse/ssb.db


1、Authorized role in hive with grant command

2、Check the corresponding hdfs directory, there is already zhi_group

3、On Linux, the user zhi_user can also access the hdfs directory
corresponding to ssb.

4、However, using the java client to access the hdfs directory prompts no
permission.

5、hadoop fs -setfacl -R -m "group: zeng_group: rx"
/user/hive/warehouse/ssb.db

After this command is authorized again, there is no problem, but the key is
that the hive acl synchronization has been turned on. Authorized, you
should be able to access it after synchronization, you should no longer
need to use setfacl for authorization.