Posted to commits@impala.apache.org by ta...@apache.org on 2019/06/01 17:27:54 UTC
[impala] 02/03: [DOCS] Added the section on object ownership
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit d9de31ea439847a9c011c3b3e14f38a8ee0f606b
Author: Alex Rodoni <ar...@cloudera.com>
AuthorDate: Thu May 30 12:18:43 2019 -0700
[DOCS] Added the section on object ownership
Change-Id: Iff48684f457ef19a27524adfbcc2ae5e098320a3
Reviewed-on: http://gerrit.cloudera.org:8080/13478
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Reviewed-by: Alex Rodoni <ar...@cloudera.com>
---
docs/topics/impala_authorization.xml | 39 ++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/docs/topics/impala_authorization.xml b/docs/topics/impala_authorization.xml
index c49fa97..f4be80b 100644
--- a/docs/topics/impala_authorization.xml
+++ b/docs/topics/impala_authorization.xml
@@ -106,6 +106,45 @@ under the License.
</concept>
+ <concept id="object_ownership">
+
+ <title>Object Ownership in Sentry</title>
+
+ <conbody>
+
+ <p>
+ Impala supports the ownership on databases, tables, and views. The
+ <codeph>CREATE</codeph> statements implicitly make the user running the statement the
+ owner of the object. An owner has the <codeph>OWNER</codeph> privilege if enabled in
+ Sentry. For example, if <varname>User A</varname> creates a database,
+ <varname>foo</varname>, via the <codeph>CREATE DATABASE</codeph> statement,
+ <varname>User A</varname> now owns the <varname>foo</varname> database and is authorized
+ to perform any operation on the <varname>foo</varname> database.
+ </p>
+
+ <p>
+ The <codeph>OWNER</codeph> privilege is not a grantable or revokable privilege whereas
+ the <codeph>ALL</codeph> privilege is explicitly granted via the <codeph>GRANT</codeph>
+ statement.
+ </p>
+
+ <p>
+ The object ownership feature is controlled by a Sentry configuration. The
+ <codeph>OWNER</codeph> privilege is only granted when the feature is enabled in Sentry.
+ When enabled they get the owner privilege, with or without the <codeph>GRANT
+ OPTION</codeph>, which is also controlled by the Sentry configuration.
+ </p>
+
+ <p>
+ An ownership can be transferred to another user or role via the <codeph>ALTER
+ DATABASE</codeph>, <codeph>ALTER TABLE</codeph>, or <codeph>ALTER VIEW</codeph> with the
+ <codeph>SET OWNER</codeph> clause.
+ </p>
+
+ </conbody>
+
+ </concept>
+
<concept id="secure_startup">
<title>Starting Impala with Sentry Authorization Enabled</title>
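Review bot: In the third paragraph of the new object_ownership concept, "When enabled they get the owner privilege" has no antecedent for "they", and the text never names the Sentry configuration that enables ownership or the one that decides whether the owner also receives GRANT OPTION. Because GRANT OPTION determines whether an owner can pass privileges on to other principals, name those settings (or link to the Sentry topic that documents them) and reword to something like "When enabled, the object owner gets the OWNER privilege". The example in the first paragraph says User A "is authorized to perform any operation" on foo without qualification, which conflicts with the preceding "if enabled in Sentry"; condition the example the same way. The SET OWNER paragraph should state which privilege is required to transfer ownership. Minor: "supports the ownership on" reads better as "supports ownership of", and "revokable" is more commonly spelled "revocable".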