Support Questions

yagoaparecidoti · ‎04-28-2022

we need to block the DDL (create, drop, insert, update) for whoever is using IMPALA, is it possible to do this type of blocking?

ps: user should only be able to SELECT with IMPALA and nothing else.

DDL should only work via HIVE.

Is it possible to do this type of blocking configuration?

ChethanYM · ‎04-28-2022

Hi @yagoaparecidoti ,

I do not think we have such option of blocking but as i know i think you can make it using sentry authorisation. If sentry is enabled in the cluster you should grant only "SELECT" privilege to all the users for all the databases/tables so if the users try any other DDL commands it will throw 'Authorisation exceptions".

Do refer the below documentation:

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_sg_sentry_service.html

If you are using Ranger same can be achieved from ranger also.

Regards,

Chethan YM

yagoaparecidoti · ‎04-29-2022

hi @ChethanYM

unfortunately we need to do this type of blocking only in IMPALA, in HIVE it has to work normally.

when blocking by sentry, it will be replicated for any type of access that the user will use, such as hive, impala, beeline, etc.

Cloudera Community

Support Questions

block DDL in IMPALA, run only SELECT in IMPALA