Sentry sync with Hive, Spark, HDFS - AccessControlException: Permission denied

We have a Cloudera CDH 5.14 cluster with MIT Kerberos and Sentry enabled.

We need to create a common/function ID and group in the OS and also in Hue. The user should have permission to create Hive tables (managed and external) through Hue/Beeline with an HDFS directory location (e.g. /one/two/three) and should have access to load data into the table (through Hue or Beeline, the hdfs dfs -put command, and Spark).

Kindly advise me what permissions/ownership should be set for the user/group and on the HDFS directory.

Example: Username: xyz, Groupname: cloudera, HDFS dir: /one/two/three

I want to control the Hive database and the HDFS directory through Sentry and do not want to create manual HDFS ACLs. Kindly advise me how to solve this problem.

So far, the following actions have been taken:

Created a group and user in the OS, created the user in Hue, created a Hive database, created a role in Sentry with database privilege, and added the HDFS URI path.

When the user creates a Hive table through Hue/Beeline, we get the permission denied error below:

user=hive, access=WRITE, inode=/one/two/three hdfs:supergroup, drwxr-xr-x

Later I changed the ownership of the HDFS dir to "hive:hive" and the permission to "771" recursively. I was then able to create tables, but listing the HDFS directory failed with the permission denied message below:

user=xzy, access=READ, inode=/one/two/three hive:hive, drwxrwx--x





