You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "duanjinnan (Jira)" <ji...@apache.org> on 2022/01/29 03:41:00 UTC

[jira] [Created] (IMPALA-11098) regular user which want to create kudu table using impala need unnecessary access on ranger

duanjinnan created IMPALA-11098:
-----------------------------------

             Summary: regular user which want to create kudu table using impala need unnecessary access on ranger
                 Key: IMPALA-11098
                 URL: https://issues.apache.org/jira/browse/IMPALA-11098
             Project: IMPALA
          Issue Type: Question
          Components: Frontend
    Affects Versions: Impala 3.4.0
            Reporter: duanjinnan
         Attachments: Snipaste_2022-01-29_11-40-08.png

With kerberos and ranger on for authentication and acl to impala, creating kudu table using impala  by  a regular user will need "all access to all resource sets" (quoted from comments from impala source code) on ranger for this regular user. i think i have found the related implementation in impala source code, as shown in the pic attached.

 

Since impala and hive share the same set of policies on ranger, this implementation will need us to give a regular user all access to all reources of hive, but the user just need to create a kudu table using impala.

 

my question is this:

is the implemetation reasonable, do we need to improve it?

or am i wrong with something?

 

 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org