Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Spark: saving into single table with Sentry

Spark: saving into single table with Sentry

New Contributor

Hi All,

 

I'm working on a Kerberized CDH 5.12.x Cluster, with HDFS ACL Sync active.

I'm struggling with the right Sentry grant to give to a role mapped to the user (group) mapped to a Spark application that should be able to write only to a single Hive Managed Table.

In particular,

- the table is not owned by the app user, instead he should only be able to write to the table.

- the user cannot access other tables in the databases (which is shared among other users)

- the user cannot be able to create new tables in the database.

At the moment I gave the ALL grant on the table to the role and no grants on the database.

 

And now, the problem:

The Spark "saveAsTable" method in overwrite mode can drop the table but cannot recreate it because the user has no grant on the database.

I suppose I can give him INSERT privileges on the database, but with this how can I prevent him to create unauthorized tables in my database?

 

Thanks in advance (and sorry for the tl;dr  ;)  )

 

Lorenzo