verify the ACL's on the /hive/warehouse/wuchang_test.db location, /hive/warehouse location, /hive location Another location you can check the permissions of '*eek' property in kms-acls.xml file if HDFS is on cloudera cluster.
On Thu, Jun 22, 2017 at 3:15 AM, wuchang <583424...@qq.com> wrote: > The admin user of my hive is named *appuser*.I have create a database > named wuchang_test and a table named abtestmsg. Yes , I describe the > database, the OWNER NAME of this database is appuser and OWNER TYPE is USER > ,just like below: > > 0: jdbc:hive2://hive.data.ms.netease.com:1000> describe database wuchang_test; > OK > db_name|comment|location|owner_name|owner_type|parameters > wuchang_test||hdfs://datahdfsmaster/hive/warehouse/wuchang_test.db|appuser|USER| > > I have defined a role named *ep_dm* and a user named *bjchenweiyao* of > this role; Also , I have already grant SELECT,DELETE,UPDATE,INSERT of this > table to role ep_dm: > > database|table|partition|column|principal_name|principal_type|privilege|grant_option|grant_time|grantor > > wuchang_test|abtestmsg|||appuser|USER|DELETE|true|1498113549000|appuser > wuchang_test|abtestmsg|||appuser|USER|INSERT|true|1498113549000|appuser > wuchang_test|abtestmsg|||appuser|USER|SELECT|true|1498113549000|appuser > wuchang_test|abtestmsg|||appuser|USER|UPDATE|true|1498113549000|appuser > wuchang_test|abtestmsg|||ep_dm|ROLE|DELETE|false|1498113687000|appuser > wuchang_test|abtestmsg|||ep_dm|ROLE|INSERT|false|1498113696000|appuser > wuchang_test|abtestmsg|||ep_dm|ROLE|SELECT|false|1498113704000|appuser > wuchang_test|abtestmsg|||ep_dm|ROLE|UPDATE|false|1498113712000|appuser > > user bjchenweiyao tried to insert some data to table > wuchang_test.abtestmsg, but permission denied: > > Error: Error while compiling statement: FAILED: RuntimeException Cannot > create staging directory > 'hdfs://datahdfsmaster/hive/warehouse/wuchang_test.db/abtestmsg/dt=2017-05-01/.hive-staging_hive_2017-06-22_14-55-58_843_8091260031059700585-336': > Permission denied: user=bjchenweiyao, access=WRITE, > inode="/hive/warehouse/wuchang_test.db/abtestmsg/dt=2017-05-01/.hive-staging_hive_2017-06-22_14-55-58_843_8091260031059700585-336":appuser:supergroup:drwxr-xr-x > > In order to make user bjchenweiyao to have the write permission for table > wuchang_test.abtestmsg, I alter the database owner from USER appuser to > ROLE ep_dm: > > alter database wuchang_test set owner ROLE ep_dm; > > or I alter the database owner from USER appuser to USER bjchenweiyao > directly: > > alter database wuchang_test set owner USER bjchenweiyao; > > both those methods have tried, but the permission problem is still there. > > the database hdfs directory permission is : > > [appuser@hz-105 ~]$ hadoop fs -ls /hive/warehouse/wuchang_test.db > Found 1 items > drwxr-xr-x - appuser supergroup 0 2017-06-22 14:39 > /hive/warehouse/wuchang_test.db/abtestmsg > > I know , the user bjchenweiyao has no permission to write to hdfs > directory /hive/warehouse/wuchang_test.db/abtestmsg whose permission is > drwxr-xr-x . > > But what can I do to make bjchenweiyao has the write permission? > > Big thanks. >