This document describes how attributes (permission, group, extended ACL's) of files representing Hive data are determined.
To reduce need to set fine-grain file security props after every operation, users may want the following Hive warehouse file/dir to auto-inherit security properties from their directory parents:
What is inherited:
Extended ACL's (already done by HDFS for new directories)
This inheritance of extended ACL's is literal, all extended ACL's are copied to children as is, including ACL's for the defaultGroup.
One room for improvement may be to follow HDFS semantics for the defaultGroup, which is as follows:
"When a new file or sub-directory is created, it automatically copies the default ACL of its parent into its own access ACL. A new sub-directory also copies it to its own default ACL. In this way, the default ACL will be copied down through arbitrarily deep levels of the file system tree as new sub-directories get created." (https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#ACLs_Access_Control_Lists)
Most of this functionality was added as of Hive 0.14.
See umbrella JIRA HIVE-6892 for details.
hive.warehouse.subdir.inherit.perms was removed in Hive 3.0.0. The feature is no longer needed in Hive as the traditional permission model has largely been replaced by external security systems such as Ranger and Sentry. A user may choose SQLStdAuth which ships with Hive if user doesn't want to use an external security system.