[jira] [Commented] (IMPALA-10211) Add support for role-related statements

Sat, 17 Jan 2026 14:42:10 -0800 


    [ 
https://issues.apache.org/jira/browse/IMPALA-10211?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18052593#comment-18052593
 ] 

ASF subversion and git services commented on IMPALA-10211:
----------------------------------------------------------

Commit 8e3c99b801454433bbda98943d5ea6f4a3eb5d08 in impala's branch 
refs/heads/master from Fang-Yu Rao
[ https://gitbox.apache.org/repos/asf?p=impala.git;h=8e3c99b80 ]

IMPALA-14085: Implement GRANT/REVOKE ROLE TO/FROM a user

As a follow-up to IMPALA-10211, this patch adds the support for the
following role-related statements.
1. GRANT ROLE <role_name> TO USER <user_name>.
2. REVOKE ROLE <role_name> FROM USER <user_name>.
3. SHOW ROLE GRANT USER <user_name>.

Testing:
 - Extended the test file grant_revoke.test to additionally cover the
   scenario in which the grantee/revokee is a user.
 - Added an end-to-end test to briefly verify the statements
   SHOW ROLE GRANT USER <user_name> and SHOW CURRENT ROLES are working
   as expected.

Change-Id: Ie5a16aeb4bbf8637ad326a1ec3d5fce1b196d73f
Reviewed-on: http://gerrit.cloudera.org:8080/23815
Tested-by: Impala Public Jenkins <[email protected]>
Reviewed-by: Fang-Yu Rao <[email protected]>


> Add support for role-related statements
> ---------------------------------------
>
>                 Key: IMPALA-10211
>                 URL: https://issues.apache.org/jira/browse/IMPALA-10211
>             Project: IMPALA
>          Issue Type: New Feature
>          Components: Frontend, Security
>            Reporter: Fang-Yu Rao
>            Assignee: Fang-Yu Rao
>            Priority: Major
>              Labels: backwards-compatibility
>
> After IMPALA-9708, we dropped the support for Sentry, an authorization 
> service providing role-based authorization. Since then Impala lacks support 
> for role-based authorization.
> On the other hand, after RANGER-2425, Ranger added APIs for role-related SQL 
> statements. It would be nice to enable role-related SQL statements in Impala 
> with Ranger being the authorization provider so that users that were using 
> Sentry as the authorization provider could still be using Impala if 
> role-based authorization is required.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to