[
https://issues.apache.org/jira/browse/SPARK-5159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15996249#comment-15996249
]
Diego Fustes Villadóniga commented on SPARK-5159:
-------------------------------------------------
We are also experimenting problems with version 2.0.0 when activating
impersonation on a kerberized cluster. In our case, it seems that impersonation
is working for SELECT queries. However, when we run a CREATE TABLE SELECT or an
INSERT we receive an exception. The reason is that it is the service user who
is writing in the hive staging area instead of the impersonated user.
Impersonation is crucial in order to secure the access to the cluster
resources, so please look at this asap.
> Thrift server does not respect hive.server2.enable.doAs=true
> ------------------------------------------------------------
>
> Key: SPARK-5159
> URL: https://issues.apache.org/jira/browse/SPARK-5159
> Project: Spark
> Issue Type: Bug
> Components: SQL
> Affects Versions: 1.2.0
> Reporter: Andrew Ray
> Attachments: spark_thrift_server_log.txt
>
>
> I'm currently testing the spark sql thrift server on a kerberos secured
> cluster in YARN mode. Currently any user can access any table regardless of
> HDFS permissions as all data is read as the hive user. In HiveServer2 the
> property hive.server2.enable.doAs=true causes all access to be done as the
> submitting user. We should do the same.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
