Spark: saving into single table with Sentry

Hi All,


I'm working on a Kerberized CDH 5.12.x Cluster, with HDFS ACL Sync active.

I'm struggling with the right Sentry grant to give to a role mapped to the user (group) mapped to a Spark application that should be able to write only to a single Hive Managed Table.

In particular,

- the table is not owned by the app user; instead, he should only be able to write to the table.

- the user cannot access other tables in the databases (which is shared among other users)

- the user must not be able to create new tables in the database.

At the moment I have given the ALL grant on the table to the role and no grants on the database.


And now, the problem:

The Spark "saveAsTable" method in overwrite mode can drop the table but cannot recreate it because the user has no grant on the database.

I suppose I can give him INSERT privileges on the database, but with this, how can I prevent him from creating unauthorized tables in my database?


Thanks in advance (and sorry for the tl;dr  ;)  )