[
https://issues.apache.org/jira/browse/IMPALA-7695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Balazs Jeszenszky updated IMPALA-7695:
--------------------------------------
Component/s: Security
> Consolidate ACL inheritance
> ---------------------------
>
> Key: IMPALA-7695
> URL: https://issues.apache.org/jira/browse/IMPALA-7695
> Project: IMPALA
> Issue Type: Improvement
> Components: Security
> Reporter: Zsolt Herczeg
> Priority: Minor
>
> As of now Impala behavior is not consistent regarding ACL inheritance by
> default.
> If --insert_inherit_permissions is not specified, then:
> {code:java}
> CREATE EXTERNAL TABLE acl_test (a int) partitioned by (b int) STORED AS
> PARQUET LOCATION '/dataroot/acl_test/';
> {code}
> This will create the table directory (/dataroot/acl_test), and inherit the
> parent dir (/dataroot) acls.
> {code:java}
> ALTER TABLE acl_test ADD PARTITION (b=10)
> {code}
> This will create the partition directory (/dataroot/acl_test/b=10) and
> inherit the parent dir (/dataroot/acl_test) acls.
> {code:java}
> INSERT INTO acl_test (a,b) VALUES (1,2)
> {code}
> This will create the partition directory (/dataroot/acl_test/b=2) but will
> *not* inherit any acls.
> The difference in the INSERT/ALTER behavior will lead to inconsistent
> partition directory permissions, depending on whether they were created
> explicitly beforhand or implicitly during an insert.
> This is documented, but generally unexpected. I'd recommend to review if a
> more consistent approach could be followed for ACLs on partition directories..
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
