Alexander Kolbasov created SENTRY-1772:
------------------------------------------
Summary: Permissions created before table creation are not reflected in HDFS ACLs
Key: SENTRY-1772
URL: https://issues.apache.org/jira/browse/SENTRY-1772
Project: Sentry
Issue Type: Sub-task
Components: Sentry
Affects Versions: sentry-ha-redesign
Reporter: Alexander Kolbasov
Fix For: sentry-ha-redesign
On the latest Sentry codebase, trying to create a table which already has user
permissions defined in Sentry no longer reflects HDFS ACLs on the
directories created as part of table creation.
{code}
sudo -u hive beeline -u '"jdbc:hive2://host:10000/default;principal=hive/host@domain"'
CREATE ROLE testdb_3583;
GRANT ALL ON DATABASE testdb_3583 TO ROLE testdb_3583;
GRANT ROLE testdb_3583 TO GROUP flume;
GRANT ROLE cdep_global_admin to group systest;
beeline -u '"jdbc:hive2://hostname:10000/default;principal=hive/host@domain"'
CREATE DATABASE testdb_3583;
CREATE TABLE testdb_3583.test_table1 (business_unit string, country string)
PARTITIONED BY (country_code string);
sudo -u hdfs hadoop fs -getfacl -R /user/hive/warehouse/testdb_3583.db/test_table1
{code}
Generally, we expect to see permission for the flume user showing up on the folder
/user/hive/warehouse/testdb_3583.db/test_table1. This works as expected in the
earlier release, but with the latest codebase the permission doesn't show up
anymore.
{code}
+ sudo -u hdfs hadoop fs -getfacl -R /user/hive/warehouse/testdb_3583.db/test_table1
# file: /user/hive/warehouse/testdb_3583.db/test_table1
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
mask::rwx
other::--x
{code}
ACLs in old release:
{code}
+ sudo -u hdfs hadoop fs -getfacl -R /user/hive/warehouse/testdb_3583.db/test_table1
# file: /user/hive/warehouse/testdb_3583.db/test_table1
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
group:flume:rwx
mask::rwx
other::--x
{code}
ACLs in Sentry HA:
{code}
+ sudo -u hdfs hadoop fs -getfacl -R /user/hive/warehouse/testdb_3583.db/test_table1
# file: /user/hive/warehouse/testdb_3583.db/test_table1
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
mask::rwx
other::--x
{code}
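Added example, not part of the original report or of Sentry's code: a Python check that parses `hadoop fs -getfacl -R` output and lists the paths that lack an expected group entry, so the missing `group:flume:rwx` ACL can be asserted in a regression run. The function names and the `expected` mapping are assumptions; the sample text is the output quoted in the report.

```python
"""Check `hadoop fs -getfacl -R` output for expected group ACL entries."""

# Output quoted in the report above: old release, and Sentry HA (same listing
# without the group:flume entry).
OLD_RELEASE = """\
# file: /user/hive/warehouse/testdb_3583.db/test_table1
# owner: hive
# group: hive
user::rwx
user:hive:rwx
group::---
group:hive:rwx
group:flume:rwx
mask::rwx
other::--x
"""
SENTRY_HA = OLD_RELEASE.replace("group:flume:rwx\n", "")


def parse_getfacl(text):
    """Return {path: {(kind, name): perms}} from getfacl -R output."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file: "):
            current = acls.setdefault(line[len("# file: "):], {})
        elif current is not None and line and not line.startswith(("#", "+")):
            entry = line.split("#", 1)[0].strip()  # drop "#effective:..." notes
            parts = entry.split(":")
            if len(parts) == 3:  # access entries only; default: entries have 4 fields
                current[(parts[0], parts[1])] = parts[2]
    return acls


def missing_grants(text, expected):
    """expected: {group: perms}. Return sorted (path, group) pairs lacking them."""
    gaps = []
    for path, acl in parse_getfacl(text).items():
        for group, perms in expected.items():
            if acl.get(("group", group)) != perms:  # compares declared perms
                gaps.append((path, group))
    return sorted(gaps)


if __name__ == "__main__":
    for label, out in (("old release", OLD_RELEASE), ("Sentry HA", SENTRY_HA)):
        print(label, missing_grants(out, {"flume": "rwx"}))
```

The check compares the declared permission string of each named group entry; it does not apply the `mask::` entry to compute effective permissions.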