Support Questions

Find answers, ask questions, and share your expertise
Celebrating as our community reaches 100,000 members! Thank you!

block DDL in IMPALA, run only SELECT in IMPALA


we need to block the DDL (create, drop, insert, update) for whoever is using IMPALA, is it possible to do this type of blocking?


ps: user should only be able to SELECT with IMPALA and nothing else.


DDL should only work via HIVE.


Is it possible to do this type of blocking configuration?


Super Collaborator

Hi @yagoaparecidoti ,


I do not think we have such option of blocking but as i know i think you can make it using sentry authorisation. If sentry is enabled in the cluster you should grant only "SELECT" privilege to all the users for all the databases/tables so if the users try any other DDL commands it will throw 'Authorisation exceptions".


Do refer the below documentation:


If you are using Ranger same can be achieved from ranger also.



Chethan YM




hi @ChethanYM 


unfortunately we need to do this type of blocking only in IMPALA, in HIVE it has to work normally.


when blocking by sentry, it will be replicated for any type of access that the user will use, such as hive, impala, beeline, etc.