[ https://issues.apache.org/jira/browse/IMPALA-7695?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Balazs Jeszenszky updated IMPALA-7695: -------------------------------------- Component/s: Security > Consolidate ACL inheritance > --------------------------- > > Key: IMPALA-7695 > URL: https://issues.apache.org/jira/browse/IMPALA-7695 > Project: IMPALA > Issue Type: Improvement > Components: Security > Reporter: Zsolt Herczeg > Priority: Minor > > As of now Impala behavior is not consistent regarding ACL inheritance by > default. > If --insert_inherit_permissions is not specified, then: > {code:java} > CREATE EXTERNAL TABLE acl_test (a int) partitioned by (b int) STORED AS > PARQUET LOCATION '/dataroot/acl_test/'; > {code} > This will create the table directory (/dataroot/acl_test), and inherit the > parent dir (/dataroot) acls. > {code:java} > ALTER TABLE acl_test ADD PARTITION (b=10) > {code} > This will create the partition directory (/dataroot/acl_test/b=10) and > inherit the parent dir (/dataroot/acl_test) acls. > {code:java} > INSERT INTO acl_test (a,b) VALUES (1,2) > {code} > This will create the partition directory (/dataroot/acl_test/b=2) but will > *not* inherit any acls. > The difference in the INSERT/ALTER behavior will lead to inconsistent > partition directory permissions, depending on whether they were created > explicitly beforhand or implicitly during an insert. > This is documented, but generally unexpected. I'd recommend to review if a > more consistent approach could be followed for ACLs on partition directories.. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org For additional commands, e-mail: issues-all-h...@impala.apache.org