You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Peter Vary (JIRA)" <ji...@apache.org> on 2018/06/13 14:04:00 UTC

[jira] [Commented] (HIVE-19870) HCatalog dynamic partition query can fail, if the table path is managed by Sentry

    [ https://issues.apache.org/jira/browse/HIVE-19870?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16511181#comment-16511181 ] 

Peter Vary commented on HIVE-19870:
-----------------------------------

After HIVE-16392, I think a good solution for master, and branch3 is to remove the applying of the permissions (See: HIVE-19870.2.patch). What do you think [~stakiar]?

> HCatalog dynamic partition query can fail, if the table path is managed by Sentry
> ---------------------------------------------------------------------------------
>
>                 Key: HIVE-19870
>                 URL: https://issues.apache.org/jira/browse/HIVE-19870
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Peter Vary
>            Assignee: Peter Vary
>            Priority: Major
>         Attachments: HIVE-19870.2.patch, HIVE-19870.patch
>
>
> The central issue is that HCatalog is assuming it needs to handle the storage based authorization features. When a job completes, in HCatalog's file committing phase it tries to manually set the permissions for the table for authorization's sake, which makes it go against auto-authorization managment features provided by Sentry.
> The offending code is specifically at [https://github.com/apache/hive/blob/master/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/FileOutputCommitterContainer.java#L373-L374]
> and
> [https://github.com/apache/hive/blob/master/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/FileOutputCommitterContainer.java#L380-L385]
> and
> [https://github.com/apache/hive/blob/master/hcatalog/core/src/main/java/org/apache/hive/hcatalog/mapreduce/FileOutputCommitterContainer.java#L952-L954]
> where you can notice that _after_ it moves the files created by the job into their respective partition directories under the final table destination, it goes onto trying to perform chmod/chgrp operations which will fail out



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)