apache
[IMPROVMENT] AMS does not support to create table under the Sentry managed dir
Precondition: Installed a hive with sentry permission controlled. Also, the user didn't have root permission for hive warehouse dir.
Phenomenon: When user try to create a table with new database, AMS will try to create dir on HDFS under the hive warehouse dir. Due to the given role had no permission for hive warehouse dir, it will throw AccessControlException: Permission denied. Genrally, there are 2 thoughts to solve the issue:
- Give the user root permission for hive warehouse dir. However, this cannot been achieved due to the Hive warehouse itself been managed by Sentry, where you unable to specify role manaually using setfacl command.
- Another way is manully create and give permission by using Hive and Sentry. However, the Hive created database include ".db" suffix but Iceberg does not, thus it will still not found and try to create database then throw exception again.
Possible solution: Let the iceberg create a database with ".db" suffix.
Dicussion: Should we support this feature which allow user to create table under the Sentry managed location? Or leave this to the enterprise-class feature?
Hi, @hhippodnsla Thanks for trialing arctic and providing feedback. As I see, you want create arctic table under hive warehouse dir, so you want hms manage arctic or iceberg table?
If yes, a beter path would be:
- Using arctic adapting hive table:a new arctic table type adapting hive table,detail information would be found in #38 and will be released in arctic v0.3.1
- Waiting arctic support iceberg hive catalog: this is a high priority improvement for arctic and will be released soon
