You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Vadim Spector (JIRA)" <ji...@apache.org> on 2017/02/08 22:20:41 UTC
[jira] [Commented] (SENTRY-939) Provide a configuration to be able
to fall back to orginal HDFS user:group when NN has stale sentry
permissions
[ https://issues.apache.org/jira/browse/SENTRY-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15858622#comment-15858622 ]
Vadim Spector commented on SENTRY-939:
--------------------------------------
Hi Sravya, I wonder why this JIRA is still open since you say there is a way of doing it by using the property "sentry.authorization-provider.include-hdfs-authz-as-acl". Does this mechanism not work as expected? Is this JIRA duplicate to https://issues.apache.org/jira/browse/SENTRY-1418)? Thanks!
> Provide a configuration to be able to fall back to orginal HDFS user:group when NN has stale sentry permissions
> ---------------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-939
> URL: https://issues.apache.org/jira/browse/SENTRY-939
> Project: Sentry
> Issue Type: Bug
> Affects Versions: 1.4.0
> Reporter: Sravya Tirukkovalur
> Assignee: Sravya Tirukkovalur
> Fix For: 1.8.0
>
>
> Seems like some sentry users have a batch id for each application which creates the directory, ingests the data, then creates a table/partition over it. So the batch id is the the original owner of this directory.
> When NN has stale permissions during the time it cannot talk to Sentry (if sentry is down), falling back to hive:hive blocks everyone it would be helpful if at least this batch id has access otherwise ingest pipelines may break during this time. So would be helpful to provide a way to configure this behavior.
> - This does not entail ACLS.
> - We should add hive:hive as acl to make sure hive has access
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)