As was discovered by Kalyan, there is a problem with fine-grained privileges, implemented in SENTRY-331 when HDFS sync is enabled. These privileges have no direct mapping for HDFS and can't be easily mapped.
Currently, when HDFS NameNode gets one of these permissions it throws an unchecked exceptions and stops processing any privileges whatsoever which is pretty bad. We need to define a better behavior. Here are some options: 1. Ignore unknown permission and continue with the rest 2. Treat unknown permission as NONE I think that the second option is the safest and I personally would suggest this approach, but it kind of defeats the purpose of fine-grained privileges. Any thoughts on that? - Alex
