Load UDF from HDFS

[Zoltán Szatmári <zs...@rapidminer.com>]

Hi All,

we are developing a software at our company, that highly depends on 
UDFs. Without Sentry, it was possible to upload a JAR to the HDFS and 
afterwards execute the "Create function" statement.

With Sentry enabled, according to the Cloudera documentation 
(http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/cm_mc_hive_udf.html) 
and also our experience the JAR should put into the local filesystem and 
should be added to the hive classpath.

It is too much static, we cannot replace the UDF classes on the fly and 
it probably breaks our solution.

I read in the docs, that the user can have rights on URIs, e.g. 
"uri=hdfs://namenode:port/path/to/dir". I tried them, but it doesn't 
work without the JAR on the local filesystem (hive classpath).

Is there any security hole, if we don't add the JAR to the local 
filesystem, just have rights on the HDFS? Why is implemented this 
restriction? Why is it not possible to execute UDFs if the administrator 
grants right on the HDFS location, where our JAR is uploaded.

What are the plans for the further releases? Can we consider this 
behaviour stable?

Thanks,

Zoltán