05-07-2016 01:01 PM
I have an kerberos enabled cluster with sentry, and a test user who has read+write rights on the default database.
I created a table with partitions, and tried to "protect" them by removing hdfs access rights on directory level.
create table ch_tab ( i int, s string ) partitioned by ( p int );
insert into ch_tab partition ( p ) select 1, "test", 1000;
insert into ch_tab partition ( p ) select 2, "test2", 1001;
Now I removed all write access rights from the partiton 1000.
I log in as a hdfs user:
kinit -k -t hdfs.keytab hdfs
hdfs dfs -chmod 550 /user/hive/warehouse/ch_tab/p=1000
Now going back to Impala (logged as a test user) I expected that this query will fail:
alter table ch_tab drop partition ( p =1000 );
But Impala just simply ignored the posix permissions and deleted the partition directory!
Any ideas why? Or other way, how to prevent accidental drop or delete of the table, but keeping it still for read available?