halim kim created IMPALA-12291:
----------------------------------
Summary: Insert statement fails even if hdfs ranger policy allows
it
Key: IMPALA-12291
URL: https://issues.apache.org/jira/browse/IMPALA-12291
Project: IMPALA
Issue Type: Bug
Components: fe
Environment: - Impala Version (4.1.0)
- Ranger admin version (2.0)
- Hive version (3.1.2)
Reporter: halim kim
Apache Ranger is framework for providing security and authorization in hadoop
platform.
Impala can also utilize apache ranger via ranger hive policy.
The thing is that insert or some other query is not executed even If you enable
ranger hdfs plugin and set proper allow condition for impala query excuting.
you can see error log like below.
{code:java}
AnalysisException: Unable to INSERT into target table (testdb.testtable)
because Impala does not have WRITE access to HDFS location:
hdfs://testcluster/warehouse/testdb.db/testtable
{code}
This happens when ranger hdfs plugin is enabled but impala doesn't have
permission for hdfs POSIX permission.
For example, In the case that DB file owner, group and permission is set as
hdfs:hdfs r-xr-xr-- and ranger plugin policy(hdfs, hive and impala) allows
impala to execute query, Insert Query will be fail.
In my opinion, The main cause is impala fe component doesn't check ranger
policy but hdfs POSIX model permissions.
Similar issue : https://issues.apache.org/jira/browse/IMPALA-10272
I'm working on resolving this issue by adding hdfs ranger policy checking code.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
