Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How to create external table without serveradmin rights?

Labels:
avatar
author-rank Tomas79
Guru

Created on ‎05-07-2016 01:07 PM - edited ‎09-16-2022 03:17 AM

Hi, 

 is it a bug, or a desired feature that the create external table (or change location of external table) is allowed only for serveradmin roles?

Based on the documentation the database ALL permission should be sufficient, but there is a statement that also the URI should be accessible.

However when I change my test user permission and remove serveradmin, he cannot create an external table pointing to his home directory such like this:

create table part ( i int, s string ) stored as textfile location '/user/testuser/part';

 

ERROR: AuthorizationException: User 'testuser@MYREALM.LOCAL' does not have privileges to access: hdfs://hdfscluster/user/testuser/part

 

After enabling the serveradmin right for testuser the command executes correctly and the table is created.

 

Any hints on this?

Thanks

3,625 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank mathieu.d
Super Collaborator

Created on ‎08-17-2016 12:26 AM - edited ‎08-17-2016 12:28 AM

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

View solution in original post

3,617 Views
1
2 REPLIES 2

avatar
author-rank mathieu.d
Super Collaborator

Created on ‎08-17-2016 12:26 AM - edited ‎08-17-2016 12:28 AM

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

3,618 Views
1

avatar
author-rank Tomas79
Guru

Created ‎08-17-2016 01:13 AM

Yes, you are right, there has to be a explicit grant on that URI, not just a HDFS access to the given directory.

I don't understand why the documentation do not explain it more clearly..

Thanks

3,510 Views
0 Kudos
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements