Additional Changes in Behavior with HDFS-Encrypted Tables
Additional behavioral changes with HDFS-encrypted tables.
Users reading data from read-only encrypted tables must have access to a temp directory that is encrypted with at least as strong encryption as the table.
By default, temp data related to HDFS encryption is written to a staging directory identified by the `hive.exec.stagingdir` property created in the `hive-site.xml` file associated with the table folder.
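A pre-flight check for the requirement above, as an added example that is not part of the original documentation: it takes the path-and-key listing printed by `hdfs crypto -listZones` and confirms that the staging directory sits in an encryption zone whose key is at least as long as the table's. The zone paths, key names and key lengths are constructed sample values, and comparing key length alone is an assumption about what "at least as strong" means here.

```python
import posixpath

# Constructed sample of `hdfs crypto -listZones` output: "<zone path>  <key name>"
SAMPLE_ZONES = """\
/apps/hive/warehouse/secure.db  hive_key_256
/tmp/hive-enc  tmp_key_128
/data/staging  staging_key_256
"""

# Constructed key lengths in bits (assumption: gathered from KMS key metadata).
SAMPLE_KEY_BITS = {"hive_key_256": 256, "tmp_key_128": 128, "staging_key_256": 256}


def parse_zones(text):
    """Return {zone_path: key_name} from listZones-style text."""
    zones = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            zones[posixpath.normpath(parts[0])] = parts[1]
    return zones


def zone_for(path, zones):
    """Return (zone, key) for the deepest zone containing path, or None."""
    path = posixpath.normpath(path)
    best = None
    for zone, key in zones.items():
        # Match on a path boundary so /tmp/hive-enc2 is not taken for /tmp/hive-enc.
        inside = path == zone or path.startswith(zone.rstrip("/") + "/")
        if inside and (best is None or len(zone) > len(best[0])):
            best = (zone, key)
    return best


def check_staging(table_dir, staging_dir, zones, key_bits):
    """Check that staging data is encrypted at least as strongly as the table."""
    # A relative staging dir (such as .hive-staging) resolves under the table dir.
    if not staging_dir.startswith("/"):
        staging_dir = posixpath.join(table_dir, staging_dir)
    table, staging = zone_for(table_dir, zones), zone_for(staging_dir, zones)
    if table is None:
        return "ok: table is not in an encryption zone"
    if staging is None:
        return "fail: staging directory is not encrypted"
    if key_bits[staging[1]] < key_bits[table[1]]:
        return "fail: staging key is weaker than table key"
    return "ok: staging encryption is at least as strong"
```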
- As of HDP-2.6.0, Hive INSERT OVERWRITE queries require a Ranger URI policy to allow write operations, even if the user has write privilege granted through HDFS policy. To fix the failing Hive INSERT OVERWRITE queries:
  1. Create a new policy under the Hive repository.
  2. In the dropdown where you see Database, select URI.
  3. Update the path (Example: /tmp/*).
  4. Add the users and group and save.
  5. Retry the insert query.
When using encryption with Trash enabled, table deletion operates differently than the default trash mechanism. For more information, see “Deleting Files from an Encryption Zone with Trash Enabled”.