Re: User already granted INSERT privilege, but hdfs permission denied

Sat, 24 Jun 2017 12:20:39 -0700 

verify the ACL's on the /hive/warehouse/wuchang_test.db location,
/hive/warehouse location, /hive location
Another location you can check the permissions of '*eek' property in
kms-acls.xml file if HDFS is on cloudera cluster.

On Thu, Jun 22, 2017 at 3:15 AM, wuchang <583424...@qq.com> wrote:

> The admin user of my hive is named *appuser*.I have create a database
> named wuchang_test and a table named abtestmsg. Yes , I describe the
> database, the OWNER NAME of this database is appuser and OWNER TYPE is USER
> ,just like below:
>
> 0: jdbc:hive2://hive.data.ms.netease.com:1000> describe database wuchang_test;
> OK
> db_name|comment|location|owner_name|owner_type|parameters
> wuchang_test||hdfs://datahdfsmaster/hive/warehouse/wuchang_test.db|appuser|USER|
>
> I have defined a role named *ep_dm* and a user named *bjchenweiyao* of
> this role; Also , I have already grant SELECT,DELETE,UPDATE,INSERT of this
> table to role ep_dm:
>
> database|table|partition|column|principal_name|principal_type|privilege|grant_option|grant_time|grantor
>
> wuchang_test|abtestmsg|||appuser|USER|DELETE|true|1498113549000|appuser
> wuchang_test|abtestmsg|||appuser|USER|INSERT|true|1498113549000|appuser
> wuchang_test|abtestmsg|||appuser|USER|SELECT|true|1498113549000|appuser
> wuchang_test|abtestmsg|||appuser|USER|UPDATE|true|1498113549000|appuser
> wuchang_test|abtestmsg|||ep_dm|ROLE|DELETE|false|1498113687000|appuser
> wuchang_test|abtestmsg|||ep_dm|ROLE|INSERT|false|1498113696000|appuser
> wuchang_test|abtestmsg|||ep_dm|ROLE|SELECT|false|1498113704000|appuser
> wuchang_test|abtestmsg|||ep_dm|ROLE|UPDATE|false|1498113712000|appuser
>
> user bjchenweiyao tried to insert some data to table
> wuchang_test.abtestmsg, but permission denied:
>
> Error: Error while compiling statement: FAILED: RuntimeException Cannot 
> create staging directory 
> 'hdfs://datahdfsmaster/hive/warehouse/wuchang_test.db/abtestmsg/dt=2017-05-01/.hive-staging_hive_2017-06-22_14-55-58_843_8091260031059700585-336':
>  Permission denied: user=bjchenweiyao, access=WRITE, 
> inode="/hive/warehouse/wuchang_test.db/abtestmsg/dt=2017-05-01/.hive-staging_hive_2017-06-22_14-55-58_843_8091260031059700585-336":appuser:supergroup:drwxr-xr-x
>
> In order to make user bjchenweiyao to have the write permission for table
> wuchang_test.abtestmsg, I alter the database owner from USER appuser to
> ROLE ep_dm:
>
> alter database wuchang_test set owner ROLE ep_dm;
>
> or I alter the database owner from USER appuser to USER bjchenweiyao
> directly:
>
> alter database wuchang_test set owner USER bjchenweiyao;
>
> both those methods have tried, but the permission problem is still there.
>
> the database hdfs directory permission is :
>
> [appuser@hz-105 ~]$ hadoop fs -ls /hive/warehouse/wuchang_test.db
> Found 1 items
> drwxr-xr-x   - appuser supergroup          0 2017-06-22 14:39 
> /hive/warehouse/wuchang_test.db/abtestmsg
>
> I know , the user bjchenweiyao has no permission to write to hdfs
> directory /hive/warehouse/wuchang_test.db/abtestmsg whose permission is
> drwxr-xr-x .
>
> But what can I do to make bjchenweiyao has the write permission?
>
> Big thanks.
>

Reply via email to