AuthurWang2009 commented on issue #5126: URL: https://github.com/apache/kyuubi/issues/5126#issuecomment-1661520500
The execution workflow of kyuubi looks like this: 1、the server pulls policies of hive service in ranger with server principal and keytab 2、the server parses the sql and maybe access hive metastore for more information about table info of view with real user 3、the server submit the sql,and launch spark app with real user to do the job in this situation, step 2 and step 3 can probably run into exception: 1、table access permission do not configured in hive service, and hive service only configures the view access condition, so the real user access hive metastore will be disallowed. 2、spark app translates logic plan to physical plan, and read hdfs file accordingly. and hdfs service in ranger will deny spark app to access them, for it have no permission to access hdfs file directly. So, How can we work around without changing the security policy? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
