I'm working on a Kerberized CDH 5.12.x Cluster, with HDFS ACL Sync active.
I'm struggling with the right Sentry grant to give to a role mapped to the user (group) mapped to a Spark application that should be able to write only to a single Hive Managed Table.
- the table is not owned by the app user; instead, he should only be able to write to the table.
- the user cannot access other tables in the database (which is shared among other users)
- the user must not be able to create new tables in the database.
At the moment I gave the ALL grant on the table to the role and no grants on the database.
And now, the problem:
The Spark "saveAsTable" method in overwrite mode can drop the table but cannot recreate it because the user has no grant on the database.
I suppose I can give him INSERT privileges on the database, but with this, how can I prevent him from creating unauthorized tables in my database?
Thanks in advance (and sorry for the tl;dr 😉 )