You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by "niklaus xiao (JIRA)" <ji...@apache.org> on 2015/09/25 09:20:04 UTC
[jira] [Issue Comment Deleted] (SENTRY-709) Refactor Sentry HDFS
Namenode Plugin to use HDFS INodeAttributesProvider
[ https://issues.apache.org/jira/browse/SENTRY-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
niklaus xiao updated SENTRY-709:
--------------------------------
Comment: was deleted
(was: Hi, [~asuresh] I tried this patch and found that: when grant select privilege on a table to role role1 in default database the "show tables" command submitted by users in this role will failed because this user doesn't have READ privilege on path "/user/hive/warehouse" dir, acl of this path is:
{quote}
hdfs dfs -getfacl /user/hive/warehouse
15/09/25 10:15:07 INFO hdfs.PeerCache: SocketCache disabled.
# file: /user/hive/warehouse
# owner: hive
# group: hive
user::rwx
group::---
user:hive:rwx
group:hive:rwx
mask::rwx
other::--x
{quote}
Besides, the same issue happens even if database is not default.)
> Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider
> ------------------------------------------------------------------------
>
> Key: SENTRY-709
> URL: https://issues.apache.org/jira/browse/SENTRY-709
> Project: Sentry
> Issue Type: Improvement
> Reporter: Arun Suresh
> Assignee: Arun Suresh
> Labels: integration, roadmap
> Attachments: SENTRY-709.1.patch, SENTRY-709.2.patch, SENTRY-709.2.patch
>
>
> Sentry HDFS namenode plugin uses a pre-committed version of the HDFS AuthorizationProvider interface. HADOOP 2.7.0 will ship with the new INodeAttributesProvider interface.
> The Namenode plugin has to be refactored to use this new interface.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)