[jira] [Commented] (IMPALA-12291) Insert statement fails even if hdfs ranger policy allows it

Mon, 01 Apr 2024 18:03:24 -0700 


    [ 
https://issues.apache.org/jira/browse/IMPALA-12291?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17832984#comment-17832984
 ] 

halim kim commented on IMPALA-12291:
------------------------------------

[~fangyurao] Thank you for letting me know. I will check it out.

> Insert statement fails even if hdfs ranger policy allows it
> -----------------------------------------------------------
>
>                 Key: IMPALA-12291
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12291
>             Project: IMPALA
>          Issue Type: Bug
>          Components: fe, Security
>         Environment: - Impala Version (4.1.0)
> - Ranger admin version (2.0)
> - Hive version (3.1.2)
>            Reporter: halim kim
>            Assignee: halim kim
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Apache Ranger is framework for providing security and authorization in hadoop 
> platform.
> Impala can also utilize apache ranger via ranger hive policy.
> The thing is that insert or some other query is not executed even If you 
> enable ranger hdfs plugin and set proper allow condition for impala query 
> excuting.
> you can see error log like below.
> {code:java}
> AnalysisException: Unable to INSERT into target table (testdb.testtable) 
> because Impala does not have WRITE access to HDFS location: 
> hdfs://testcluster/warehouse/testdb.db/testtable
> {code}
> This happens when ranger hdfs plugin is enabled but impala doesn't have 
> permission for hdfs POSIX permission. 
> For example, In the case that DB file owner, group and permission is set as 
> hdfs:hdfs r-xr-xr-- and ranger plugin policy(hdfs, hive and impala) allows 
> impala to execute query, Insert Query will be fail.
> In my opinion, The main cause is impala fe component doesn't check ranger 
> policy but hdfs POSIX model permissions. 
> Similar issue : https://issues.apache.org/jira/browse/IMPALA-10272
> I'm working on resolving this issue by adding hdfs ranger policy checking 
> code.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to