I have a question regarding Spark privileges with Sentry on Hadoop cluster.
First, some background -
- I'm using CDH version 5.13.2
- ACL sync on HDFS is enabled
- Impersonation disabled
- Grant on database level and for specific cases gants on URI
Scenario
There are two databases, db_a and db_b. In db_a there is a view which selects from table which is defined in db_b.
I granted privilege for a specific user with read access (grant select) on db_a.
In Beeline/Impala/Hue the behavior is as expected:
- show databases shows only db_a
- when user's query the view in db_a it works perfect even the user don't have any privilege on db_b.
The problem with Spark SQL:
- When the same user is trying to access the view in db_a, it's failed as user don't have access to db_b.
Again, same query with same user works fine in Hive/Impala.
Is there any configuration or workaround to resolve the problem?
