Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

How to create external table without serveradmin rights?

SOLVED Go to solution

How to create external table without serveradmin rights?

Master Collaborator

Hi, 

 is it a bug, or a desired feature that the create external table (or change location of external table) is allowed only for serveradmin roles?

Based on the documentation the database ALL permission should be sufficient, but there is a statement that also the URI should be accessible.

However when I change my test user permission and remove serveradmin, he cannot create an external table pointing to his home directory such like this:

create table part ( i int, s string ) stored as textfile location '/user/testuser/part';

 

ERROR: AuthorizationException: User 'testuser@MYREALM.LOCAL' does not have privileges to access: hdfs://hdfscluster/user/testuser/part

 

After enabling the serveradmin right for testuser the command executes correctly and the table is created.

 

Any hints on this?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to create external table without serveradmin rights?

Super Collaborator

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

2 REPLIES 2

Re: How to create external table without serveradmin rights?

Super Collaborator

Hi,

 

I think sentry check if your user have specific permission on the "LOCATION" URI you have provided (and this is not related to HDFS ACL).

Try to grant, in sentry, that permission too.

 

For example :

GRANT ALL ON URI 'hdfs://hdfscluster/user/testuser/part' TO ROLE <a_role>;

 

regards,

mathieu

 

Re: How to create external table without serveradmin rights?

Master Collaborator

Yes, you are right, there has to be a explicit grant on that URI, not just a HDFS access to the given directory.

I don't understand why the documentation do not explain it more clearly..

Thanks