You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Tim Armstrong (Jira)" <ji...@apache.org> on 2021/01/25 20:21:00 UTC

[jira] [Resolved] (IMPALA-3657) Permission upon insert are wrong in hive warehouse table files

     [ https://issues.apache.org/jira/browse/IMPALA-3657?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tim Armstrong resolved IMPALA-3657.
-----------------------------------
    Resolution: Not A Bug

> Permission upon insert are wrong in hive warehouse table files
> --------------------------------------------------------------
>
>                 Key: IMPALA-3657
>                 URL: https://issues.apache.org/jira/browse/IMPALA-3657
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: Impala 2.2.3
>         Environment: Cluster is Kerberized and has sentry
>            Reporter: Bala Chander
>            Assignee: Tim Armstrong
>            Priority: Minor
>              Labels: security
>
> Found an issue with permissions on warehouse.
> The Warehouse /user/hive/warehouse was set to owner hive:hive with 771 permissions recursively. User was granted write privilege on table (tbl-1) on database (db-1).
> Initially all grants were done with beeline.
> Next the user switched to impala-shell and inserted some data into tbl-1. The permissions on the new hdfs file was the following:
> ownership :  impala:hive
> permissions:  751 i.e. read and execute on group.
> The user cannot use insert overwrite via beeline sine the group hive has read only permissions.
> The documentation: http://www.cloudera.com/documentation/enterprise/latest/topics/impala_insert.html has the following:
> Related startup options:
> By default, if an INSERT statement creates any new subdirectories underneath a partitioned table, those subdirectories are assigned default HDFS permissions for the impala user. To make each subdirectory have the same permissions as its parent directory in HDFS, specify the --insert_inherit_permissions startup option for the impalad daemon.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org