Problem
When performing a GRANT DDL statement on a dataset with a very long name an error is returned, containing the following:
ERROR MESSAGE:
ERROR:root:Status code 400
ERROR:root:Response: {"message": "Could not execute ddl: Could not execute ddl.\nDetail: RuntimeException: Unknown error for request:
message: Insert of object \"org.apache.sentry.provider.db.service.model.MSentryPrivilege@617241f\" using statement \"INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`PRIVILEGE_SCOPE`,`DB_NAME`,`WITH_GRANT_OPTION`,`SERVER_NAME`,`ACTION`,`COLUMN_NAME`,`CREATE_TIME`,`TABLE_NAME`,`URI`) VALUES (?,?,?,?,?,?,?,?,?,?)\" failed : Data truncation: Data too long for column 'TABLE_NAME' at row 1. Server Stacktrace: javax.jdo.JDODataStoreException: Insert of object \"org.apache.sentry.provider.db.service.model.MSentryPrivilege@617241f\" using statement \"INSERT INTO `SENTRY_DB_PRIVILEGE` (`DB_PRIVILEGE_ID`,`PRIVILEGE_SCOPE`,`DB_NAME`,`WITH_GRANT_OPTION`,`SERVER_NAME`,`ACTION`,`COLUMN_NAME`,`CREATE_TIME`,`TABLE_NAME`,`URI`) VALUES (?,?,?,?,?,?,?,?,?,?)\" failed : Data truncation: Data too long for column 'TABLE_NAME' at row 1\n\tat org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:451)\n\tat org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:732)\n\tat org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:752)\n\tat org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivilegeCore(SentryStore.java:480)\n\tat org.apache.sentry.provider.db.service.persistent.SentryStore.alterSentryRoleGrantPrivileges(SentryStore.java:417)\n\tat org.apache.sentry.provider.db.service.thrift.SentryPolicyStoreProcessor.alter_sentry_role_grant_privilege(SentryPolicyStoreProcessor.java:279)\n\tat
Answer
This is caused by a mismatch of the allowed maximum table name length in the HMS and Policy schemas. The latter only permits 64 characters, while the former may allow up to 128 characters (based on what schema version is used).
To work around this problem, you need to run an ALTER TABLE command on the Policy Engine database. The following steps are required:
- Connect to the RDBMS containing the Policy Engine database (that is, Sentry DB).
- Identify the name of the Sentry database you are using (see notes below).
- Run the following commands:
USE <sentry_db_name>;
ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY COLUMN TABLE_NAME VARCHAR(128);
ALTER TABLE SENTRY_DB_PRIVILEGE MODIFY COLUMN DB_NAME VARCHAR(128);'
After that you can exit the connection to the RDBMS and retry the GRANT command.
Notes:
- Setting the catalog prefix or the specific sentry database name may influence where the database is located and what its name is.
- Okera is targeting to improve this behavior in upcoming releases. Please, refer to the release notes for more information.
Comments
0 comments
Please sign in to leave a comment.