duanjinnan created IMPALA-11098:
-----------------------------------
Summary: regular user which want to create kudu table using impala
need unnecessary access on ranger
Key: IMPALA-11098
URL: https://issues.apache.org/jira/browse/IMPALA-11098
Project: IMPALA
Issue Type: Question
Components: Frontend
Affects Versions: Impala 3.4.0
Reporter: duanjinnan
Attachments: Snipaste_2022-01-29_11-40-08.png
With Kerberos and Ranger on for authentication and ACLs to Impala, creating a Kudu
table using Impala as a regular user will need "all access to all resource
sets" (quoted from comments in the Impala source code) on Ranger for this regular
user. I think I have found the related implementation in the Impala source code, as
shown in the picture attached.
Since Impala and Hive share the same set of policies on Ranger, this
implementation will need us to give a regular user all access to all resources
of Hive, but the user just needs to create a Kudu table using Impala.
My question is this:
Is the implementation reasonable? Do we need to improve it?
Or am I wrong about something?