You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues-all@impala.apache.org by "duanjinnan (Jira)" <ji...@apache.org> on 2022/01/29 03:41:00 UTC
[jira] [Created] (IMPALA-11098) regular user which want to create kudu table using impala need unnecessary access on ranger
duanjinnan created IMPALA-11098:
-----------------------------------
Summary: regular user which want to create kudu table using impala need unnecessary access on ranger
Key: IMPALA-11098
URL: https://issues.apache.org/jira/browse/IMPALA-11098
Project: IMPALA
Issue Type: Question
Components: Frontend
Affects Versions: Impala 3.4.0
Reporter: duanjinnan
Attachments: Snipaste_2022-01-29_11-40-08.png
With kerberos and ranger on for authentication and acl to impala, creating kudu table using impala by a regular user will need "all access to all resource sets" (quoted from comments from impala source code) on ranger for this regular user. i think i have found the related implementation in impala source code, as shown in the pic attached.
Since impala and hive share the same set of policies on ranger, this implementation will need us to give a regular user all access to all reources of hive, but the user just need to create a kudu table using impala.
my question is this:
is the implemetation reasonable, do we need to improve it?
or am i wrong with something?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org