You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "Tamas Mate (Jira)" <ji...@apache.org> on 2022/04/14 08:27:00 UTC
[jira] [Updated] (IMPALA-11098) regular user which want to create kudu table using impala need unnecessary access on ranger
[ https://issues.apache.org/jira/browse/IMPALA-11098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Mate updated IMPALA-11098:
--------------------------------
Priority: Minor (was: Blocker)
> regular user which want to create kudu table using impala need unnecessary access on ranger
> -------------------------------------------------------------------------------------------
>
> Key: IMPALA-11098
> URL: https://issues.apache.org/jira/browse/IMPALA-11098
> Project: IMPALA
> Issue Type: Question
> Components: Frontend
> Affects Versions: Impala 3.4.0
> Reporter: duanjinnan
> Priority: Minor
> Attachments: Snipaste_2022-01-29_11-40-08.png
>
>
> With kerberos and ranger on for authentication and acl to impala, creating kudu table using impala by a regular user will need "all access to all resource sets" (quoted from comments from impala source code) on ranger for this regular user. i think i have found the related implementation in impala source code, as shown in the pic attached.
>
> Since impala and hive share the same set of policies on ranger, this implementation will need us to give a regular user all access to all reources of hive, but the user just need to create a kudu table using impala.
>
> my question is this:
> is the implemetation reasonable, do we need to improve it?
> or am i wrong with something?
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org