Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to create external table without serveradmin rights?

Labels:
avatar
author-rank Tomas79
Guru

Created on ‎05-07-2016 01:07 PM - edited ‎09-16-2022 03:17 AM

Hi, 

 is it a bug, or a desired feature that the create external table (or change location of external table) is allowed only for serveradmin roles?

Based on the documentation the database ALL permission should be sufficient, but there is a statement that also the URI should be accessible.

However when I change my test user permission and remove serveradmin, he cannot create an external table pointing to his home directory such like this:

create table part ( i int, s string ) stored as textfile location '/user/testuser/part';

 

ERROR: AuthorizationException: User 'testuser@MYREALM.LOCAL' does not have privileges to access: hdfs://hdfscluster/user/testuser/part

 

After enabling the serveradmin right for testuser the command executes correctly and the table is created.

 

Any hints on this?

Thanks

3,984 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank mathieu.d
Super Collaborator

Created on ‎08-17-2016 12:26 AM - edited ‎08-17-2016 12:28 AM

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

View solution in original post

4,014 Views
1
2 REPLIES 2

avatar
author-rank mathieu.d
Super Collaborator

Created on ‎08-17-2016 12:26 AM - edited ‎08-17-2016 12:28 AM

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

4,015 Views
1

avatar
author-rank Tomas79
Guru

Created ‎08-17-2016 01:13 AM

Yes, you are right, there has to be a explicit grant on that URI, not just a HDFS access to the given directory.

I don't understand why the documentation do not explain it more clearly..

Thanks

3,869 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements