[
https://issues.apache.org/jira/browse/HIVE-28848?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Riju Trivedi resolved HIVE-28848.
---------------------------------
Fix Version/s: 4.2.0
Resolution: Fixed
> Remove DFS_URI auth from ALTER_PARTITION if there is no change in partition
> location
> ------------------------------------------------------------------------------------
>
> Key: HIVE-28848
> URL: https://issues.apache.org/jira/browse/HIVE-28848
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 4.0.1
> Reporter: Riju Trivedi
> Assignee: Riju Trivedi
> Priority: Major
> Labels: pull-request-available
> Fix For: 4.2.0
>
>
> The LOAD DATA command invokes the ALTER_PARTITION event to update stats for
> the newly loaded partition. ALTER_PARTITION authorizes DFS_URI for the
> partition location even when the old and new partition locations do not
> change. This requires the Hadoop SQL policy for DFS_URI to be defined for
> the partition location for LOAD DATA commands.
> Steps to repro -
> {code:java}
> CREATE EXTERNAL TABLE test_db.staging_ana_fap_statistics_raw_v2 (id int, name
> string) partitioned by(date_year int, date_month int) STORED AS parquet;
> {code}
> * Add below Ranger policies for test user eg:- *test_user* under Allow
> Conditions
> Create Ranger Policy under cm_s3 | ??Bucket:
> sup-default-aws-cdp-bucket, Path: /tmp and
> /warehouse/tablespace/external/hive/test_db.db/staging_ana_fap_statistics_raw_v2
> Recursive: True | User: test_user, Access: Read, Write??
> * {*}Run SQL from Spark{*}: ??LOAD DATA INPATH
> 's3a://sup-default-aws-cdp-bucket/tmp/2024_10_08_00_part-r-00000' INTO TABLE
> test_db.staging_ana_fap_statistics_raw_v2 PARTITION (date_year='2024',
> date_month='10')??
> {code:java}
> Caused by: org.apache.hadoop.hive.ql.metadata.HiveException:
> MetaException(message:Permission denied: user [test_user] does not have
> [WRITE] privilege on
> [[s3a://sup-default-aws-cdp-bucket/warehouse/tablespace/external/hive/test_db.db/staging_ana_fap_statistics_raw_v2/date_year=2024/date_month=10,
>
> s3a://sup-default-aws-cdp-bucket/warehouse/tablespace/external/hive/test_db.db/staging_ana_fap_statistics_raw_v2/date_year=2024/date_month=10/]])
> at org.apache.hadoop.hive.ql.metadata.Hive.loadPartition(Hive.java:2604)
> at
> org.apache.spark.sql.hive.client.Shim_vCDP.loadPartition(HiveShim.scala:2024)
> at
> org.apache.spark.sql.hive.client.HiveClientImpl.$anonfun$loadPartition$1(HiveClientImpl.scala:996)
> ... 91 more
> Caused by: org.apache.hadoop.hive.metastore.api.MetaException: Permission
> denied: user [test_user] does not have [WRITE] privilege on
> [[s3a://sup-default-aws-cdp-bucket/warehouse/tablespace/external/hive/test_db.db/staging_ana_fap_statistics_raw_v2/date_year=2024/date_month=10,
>
> s3a://sup-default-aws-cdp-bucket/warehouse/tablespace/external/hive/test_db.db/staging_ana_fap_statistics_raw_v2/date_year=2024/date_month=10/]]
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
