Description
Code of Conduct
- I agree to follow this project's Code of Conduct
Search before asking
- I have searched in the issues and found no similar issues.
Describe the bug
apache spark 3.4.4
kyuubi 1.9.3
ranger 1.2.0
authZ complie with :
mvn clean package -pl :kyuubi-spark-authz-shaded_2.12 -am -DskipTests -Pspark-3.4 -Dspark.version=3.4.4 -Dranger.version=1.2.0
connect to kyuubi:
jdbc:hive2://10.0.1.1:10009/;?kyuubi.engine.share.level=user;#spark.sql.runSQLOnFiles=true;spark.app.name=spark-3.4-test
try:
select * from parquet.`/warehouse/tablespace/managed/hive/test.db/students/student_id=1` limit 10;
error:
Caused by: org.apache.kyuubi.plugin.spark.authz.AccessControlException: Permission denied: user [xman] does not have [read] privilege on [[hdfs://nsprd/warehouse/tablespace/managed/hive/test.db/students/student_id=1, hdfs://nsprd/warehouse/tablespace/managed/hive/test.db/students/student_id=1/]]
the user have all db and table privilege , and hdfs path privilege about the warehouse:
and this is fine with spark 3.3.3 and kyuubi-spark-authz_2.12-1.8.0-SNAPSHOT.jar
Affects Version(s)
1.9.3
Kyuubi Server Log Output
No response
Kyuubi Engine Log Output
No response
Kyuubi Server Configurations
No response
Kyuubi Engine Configurations
No response
Additional context
No response
Are you willing to submit PR?
- Yes. I would be willing to submit a PR with guidance from the Kyuubi community to fix.
- No. I cannot submit a PR at this time.