[ https://issues.apache.org/jira/browse/SENTRY-2134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16477743#comment-16477743 ]
Ruslan Dautkhanov commented on SENTRY-2134:
-------------------------------------------

[~akolb]
{quote}what happens if there is table grant and URI grant?
{quote}
I don't see a good use case when an external table would point to a directory under the Hive warehouse-managed directory. We have none of these tables. I think the answer to this question is simple - Hive warehouse managed locations take precedence and HDFS ACLs will be overridden by the Sentry HDFS plugin, like it's done currently.

{quote}what happens if there is table grant and URI grant? Or there is URI grant on a directory and column-level privilege?{quote}
My understanding is that column-level grants don't translate to HDFS-level permissions/ACLs; is that not correct?

[~belugabehr]
{quote}Sentry Sync can be keyed off URI alone and no longer on database/table location{quote}
Not sure I am following. Can you please elaborate?

Thank you.

> Apply Hive URI grants recursively to subdirectories
> ---------------------------------------------------
>
>                 Key: SENTRY-2134
>                 URL: https://issues.apache.org/jira/browse/SENTRY-2134
>             Project: Sentry
>          Issue Type: Wish
>          Components: Hive Binding
>    Affects Versions: 1.8.0, 2.0.0, 1.7.1
>            Reporter: Ruslan Dautkhanov
>            Priority: Major
>              Labels: hive, uri
>
> Currently we need to add direct grants for all Hive tables' LOCATIONs.
> Like, 'hdfs_staging/table1', 'hdfs_staging/table2', etc.
> It's not manageable this way - we can't add grants for each and every table.
> It would be great if we could just do one grant -
> 'hdfs_staging/' so it would automatically be applied to
> 'hdfs_staging/table1', 'hdfs_staging/table2', and other subdirectories.
> There is probably a reason this wasn't implemented earlier? Thanks for
> considering this improvement.
> Also found another user's request on this -
> https://community.cloudera.com/t5/Interactive-Short-cycle-SQL/Impala-Sentry-GRANT-ALL-ON-URI-not-cascaded-down-through/td-p/39928