TSB 2017-170: Sentry does not manage permissions of Hive directories after certain commands

0 votes
2 views
asked Aug 30, 2017 in Hadoop by admin (4,410 points)
SummarySentry does not manage permissions of Hive directories after certain DDL/DML commands. Users running Sentry with Hive or Impala using the HDFS ACL synchronization feature are affected

Symptoms

Sentry does not manage permissions of Hive directories that were targets of certain DDL/DML commands.

The table/partition directory ACLs and permissions will be reverted to the underlying HDFS values after these workflows

  1. Insert on unpartitioned tables
  2. Alter table property on any table

Examples: 

  1. Alter tables, which are not rename or set location. For example "alter table set property"
  2. Insert on a unpartitioned table.
Applies To

  • CDH 5.5.4 and lower
  • CDH 5.6.1 and lower
  • CDH 5.7.1 and lower
Cause
Instructions

Upgrade to one of the following releases:

  • CDH 5.5.5 and higher
  • CDH 5.7.2 and higher
  • CDH 5.8.0 and higher

As a temporary work-around, restarting the HMS will act as a reset until the DDL/DML commands are rerun.

Please log in or register to answer this question.

...