Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

block DDL in IMPALA, run only SELECT in IMPALA

avatar
Rising Star

we need to block the DDL (create, drop, insert, update) for whoever is using IMPALA, is it possible to do this type of blocking?

 

ps: user should only be able to SELECT with IMPALA and nothing else.

 

DDL should only work via HIVE.

 

Is it possible to do this type of blocking configuration?

2 REPLIES 2

avatar
Super Collaborator

Hi @yagoaparecidoti ,

 

I do not think we have such option of blocking but as i know i think you can make it using sentry authorisation. If sentry is enabled in the cluster you should grant only "SELECT" privilege to all the users for all the databases/tables so if the users try any other DDL commands it will throw 'Authorisation exceptions".

 

Do refer the below documentation:

https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_sg_sentry_service.html

 

If you are using Ranger same can be achieved from ranger also.

 

Regards,

Chethan YM

 

 

avatar
Rising Star

hi @ChethanYM 

 

unfortunately we need to do this type of blocking only in IMPALA, in HIVE it has to work normally.

 

when blocking by sentry, it will be replicated for any type of access that the user will use, such as hive, impala, beeline, etc.