We have a cloudera CDH 5.14 cluster with MIT Kerberos and enabled Sentry.
We need to create a common/function ID & group in OS and also in HUE. User should have permission to create hive tables (Managed & External) through hue/beeline with hdfs directory location (eg. /one/two/three) and should have access to load the data into table (hue or beeline , hdfs dfs -put command and through spark).
Kindly advise me what are the permissions/ownership to be set for the user/group and in hdfs directory.
Example: Username: xyz , Groupname: cloudera, HDFS dir: /one/two/three
I want to control the hive database, hdfs directory through SENTRY, do not want to create manual hdfs ACL. Kindly advice me to solve this problem.
So far below action taken
Created group and user in OS, created user in hue, created a hive database, created a role in sentry - database privilege and added hdfs URI path
When user creates a hive table through hue/beeline, getting below permission denied
user=hive, access=WRITE, inode=/one/two/three hdfs:supergroup, drwxr-xr-x
Later changed owership to hdfs dir as "hive:hive" and permission "771" recursively, able to create tables but failed to list hdfs directory with below permission denied message
user=xzy, access=READ, inode=/one/two/three hive:hive, drwxrwx--x
... View more