在Ranger KMS中,我们目前设定了以下值。
key.acl.genomicskey.DECRYPT_EEK= nobody genomicusers
但是,作为genomicusers的成员,我在尝试使用Spark脚本读取和写入此位置时收到以下错误:
hail.java.FatalError: AuthorizationException: User:<me> not allowed to do 'DECRYPT_EEK' on 'genomicskey'
Java stack trace:
org.apache.hadoop.security.authorize.AuthorizationException: User:<me>not allowed to do 'DECRYPT_EEK' on 'genomicskey'
at
Hail version: 0.1-e6de01c
Error summary: AuthorizationException: User:<me>not allowed to do 'DECRYPT_EEK' on 'genomicskey'
查看HDFS,我尝试访问的位置由此密钥加密。
/projects/genomics genomicskey
genomics文件夹的HDFS访问如下:
drwxrwxr-x - hive genomicusers 0 2017-06-13 11:03 /projects/genomics
我需要在Ranger中进行任何其他更改才能解决此问题吗?