Sentry grants applied but not ACL working until a database is specified

328 Views Asked by At

I configured a admin role in Sentry with the next permissions:

  • server=server1->action=ALL

In Hive everything works: We can create objects, inserts, selects...

But the HDFS folders haven't the correct ACL:

 hdfs dfs -getfacl /user/hive/warehouse/testgrant
 # file: /user/hive/warehouse/testgrant
 # owner: hive
 # group: hive
 user::rwx
 group::---
 user:hive:rwx
 group:hive:rwx
 mask::rwx
 other::--x

But if I set the database or the table in Sentry with next config:

  • server=server1 db=default table=testgrant action=ALL

Then I can see the correct ACL:

 # file: /user/hive/warehouse/testgrant
 # owner: hive
 # group: hive
 user::rwx
 group::---
 user:hive:rwx
 group:hive:rwx
 group:g_datalake_dba_des:rwx
 mask::rwx
 other::--x

This is a problem, because I want to have ACL access automatically when I create a table in Hive without define a specific permission in Sentry (I have ALL in Server)

How can I configure Sentry to do this?

Thanks!

0

There are 0 best solutions below