Additional Changes in Behavior with HDFS-Encrypted Tables
Additional behavioral changes with HDFS-encrypted tables.
-
Users reading data from read-only encrypted tables must have access to a temp directory that is encrypted with at least as strong encryption as the table.
-
By default, temp data related to HDFS encryption is written to a staging directory identified by the
hive-exec.stagingdirproperty created in thehive-site.xmlfile associated with the table folder. - As of HDP-2.6.0, Hive INSERT OVERWRITE queries require a Ranger URI
policy to allow write operations, even if the user has write privilege granted
through HDFS policy. To fix the failing Hive INSERT OVERWRITE queries:
- Create a new policy under the Hive repository.
- In the dropdown where you see Database, select URI.
- Update the path (Example: /tmp/*).
- Add the users and group and save.
- Retry the insert query.
-
When using encryption with Trash enabled, table deletion operates differently than the default trash mechanism. For more information see “Deleting Files from an Encryption Zone with Trash Enabled”.