[
https://issues.apache.org/jira/browse/IMPALA-11622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fang-Yu Rao resolved IMPALA-11622.
----------------------------------
Resolution: Duplicate
This is a duplicate of IMPALA-10272, which has already been resolved.
> Impala load data command fails when the impala user has access on source file
> through Ranger policy
> ---------------------------------------------------------------------------------------------------
>
> Key: IMPALA-11622
> URL: https://issues.apache.org/jira/browse/IMPALA-11622
> Project: IMPALA
> Issue Type: Bug
> Reporter: Abhishek
> Priority: Major
>
> When trying to run the load data command in Impala,
> if the Impala user has access on the source file through a Ranger HDFS policy,
> then the load data command fails.
> If the impala user has access on the source file through HDFS ACLs,
> then the load data command executes successfully.
> Steps to reproduce :-
> Ranger policy setup
> HDFS policies
> Policy 1 :-
> All access policy for HDFS user
> user - hdfs
> resources - * , recursive=true
> access - all access allowed
> Policy 2 :-
> Access for impala user on /root_test_dir/test_dir_2
> user - impala
> resources - /root_test_dir/test_dir_2 , recursive = true
> access - all access allowed
> Hadoop SQL policies
> Policy 1 : All access policy for hrt_qa, hive and impala user
> users - hrt_qa, impala, hive
> resources - db - *, table - *, column - *
> access - all access allowed
> Policy 2 : Url policy for hrt_qa user
> users - hrt_qa
> resources :- url - *
> access - all access allowed
> Data setup :-
> In HDFS,
> create the following directories as the hdfs user
> {code:java|bgColor=#f4f5f7}
> /root_test_dir
> /root_test_dir/test_dir_1
> /root_test_dir/test_dir_2{code}
> Create a text file in local machine temp.txt with the any content ( for ex :-
> Hello World)
> Then copy the temp.txt file to the HDFS dirs /root_test_dir/test_dir_1 and
> /root_test_dir/test_dir_2
> Set the ACLs for /root_test_dir/test_dir_1 to 777 recursively
> {code:java|bgColor=#f4f5f7}
> hdfs dfs -chmod -R 777 /root_test_dir/test_dir_1 {code}
>
> Set the ACLs for /root_test_dir/test_dir_2 to 000 recursively
> {code:java|bgColor=#f4f5f7}
> hdfs dfs -chmod -R 000 /root_test_dir/test_dir_2{code}
> (Run all the hdfs commands as the hdfs user)
> In Impala-shell, as hrt_qa user
> create a test_db and create a test_table under test_db.
> {code:java|bgColor=#f4f5f7}
> CREATE TABLE test_db.test_table(c0 string) STORED AS TEXTFILE
> TBLPROPERTIES('transactional'='false'){code}
>
> Run the LOAD DATA command as hrt_qa user :-
> {code:java|bgColor=#f4f5f7}
> test_db> LOAD DATA INPATH '/root_test_dir/test_dir_1/temp.txt' INTO TABLE
> test_db.test_table
> > ;
> Query: LOAD DATA INPATH '/root_test_dir/test_dir_1/temp.txt' INTO TABLE
> test_db.test_table
> +----------------------------------------------------------+
> | summary |
> +----------------------------------------------------------+
> | Loaded 1 file(s). Total files in destination location: 1 |
> +----------------------------------------------------------+
> Fetched 1 row(s) in 6.56s {code}
> Failing case :-
> {code:java}
> test_db> LOAD DATA INPATH '/root_test_dir/test_dir_2/temp.txt' INTO TABLE
> test_db.test_table; Query: LOAD DATA INPATH
> '/root_test_dir/test_dir_2/temp.txt' INTO TABLE test_db.test_table ERROR:
> AccessControlException: Permission denied: user=impala, access=READ,
> inode="/warehouse/tablespace/external/hive/test_db.db/test_table/.tmp_4b9b3a83-f4f9-4363-81ae-21f5c170c1bd/temp.txt":hdfs:supergroup:----------
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
