10-15-2019
02:21 AM
I think the Ranger action should be right, since it denies at the path '/apps/hive/warehouse/testdb.db'; I only granted the user hdfs permission to the table path '/apps/hive/warehouse/testdb.db/table1'. I don't understand why it needs the read permission on the database directory to do a desc on a table, since with my Ranger settings I can do a select on the table with no problem. It's just that I cannot run the "desc" command on this table.
10-15-2019
02:08 AM
Thanks for your reply. The enforcer is ranger-acl.
10-14-2019
07:46 PM
In Ranger, I have already given the select permission on a certain Hive table, and read and execute permission on the HDFS path of the table. To give an example:
- set read, execute permission on path /apps/hive/warehouse/testdb.db/table1 to account
- set select permission on hive table 'table1' on all columns to account
When I do the command:
"show tables in testdb.db;" or "desc testdb.table1"
I get this error from the Hive client:
Error: Error while compiling statement: FAILED: SemanticException [Error 10072]: Database does not exist: dwd (state=42000,code=10072)
When I check the 'hivemetastore.log', it shows the query requires the read permission on path '/apps/hive/warehouse/testdb.db'
org.apache.hadoop.ipc.RemoteException(org.apache.ranger.authorization.hadoop.exceptions.RangerAccessControlException): Permission denied: user=xxx, access=READ, inode="/apps/hive/warehouse/testdb.db"
The problem is, I only want to grant the permission of the table to this account. From my experience I don't need such database path permission to use 'desc' command on the table. What could be the problem?
Labels:
- Apache Hive
- Apache Ranger