Support Questions
Find answers, ask questions, and share your expertise

block DDL in IMPALA, run only SELECT in IMPALA

we need to block the DDL (create, drop, insert, update) for whoever is using IMPALA, is it possible to do this type of blocking?


ps: user should only be able to SELECT with IMPALA and nothing else.


DDL should only work via HIVE.


Is it possible to do this type of blocking configuration?


Expert Contributor

Hi @yagoaparecidoti ,


I do not think we have such option of blocking but as i know i think you can make it using sentry authorisation. If sentry is enabled in the cluster you should grant only "SELECT" privilege to all the users for all the databases/tables so if the users try any other DDL commands it will throw 'Authorisation exceptions".


Do refer the below documentation:


If you are using Ranger same can be achieved from ranger also.



Chethan YM



hi @ChethanYM 


unfortunately we need to do this type of blocking only in IMPALA, in HIVE it has to work normally.


when blocking by sentry, it will be replicated for any type of access that the user will use, such as hive, impala, beeline, etc.

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.