You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sentry.apache.org by "niklaus xiao (JIRA)" <ji...@apache.org> on 2015/09/25 09:20:04 UTC

[jira] [Issue Comment Deleted] (SENTRY-709) Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider

     [ https://issues.apache.org/jira/browse/SENTRY-709?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

niklaus xiao updated SENTRY-709:
--------------------------------
    Comment: was deleted

(was: Hi, [~asuresh] I tried this patch and found that: when grant select privilege on a table to role role1 in default database the "show tables" command submitted by users in this role will failed because this user doesn't have READ privilege on path "/user/hive/warehouse" dir, acl of this path is:
{quote}
hdfs dfs -getfacl /user/hive/warehouse
15/09/25 10:15:07 INFO hdfs.PeerCache: SocketCache disabled.
# file: /user/hive/warehouse
# owner: hive
# group: hive
user::rwx
group::---
user:hive:rwx
group:hive:rwx
mask::rwx
other::--x
{quote}

Besides, the same issue happens even if database is not default.)

> Refactor Sentry HDFS Namenode Plugin to use HDFS INodeAttributesProvider
> ------------------------------------------------------------------------
>
>                 Key: SENTRY-709
>                 URL: https://issues.apache.org/jira/browse/SENTRY-709
>             Project: Sentry
>          Issue Type: Improvement
>            Reporter: Arun Suresh
>            Assignee: Arun Suresh
>              Labels: integration, roadmap
>         Attachments: SENTRY-709.1.patch, SENTRY-709.2.patch, SENTRY-709.2.patch
>
>
> Sentry HDFS namenode plugin uses a pre-committed version of the HDFS AuthorizationProvider interface. HADOOP 2.7.0 will ship with the new INodeAttributesProvider interface.
> The Namenode plugin has to be refactored to use this new interface.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)