Created 04-28-2022 10:52 AM
we need to block the DDL (create, drop, insert, update) for whoever is using IMPALA, is it possible to do this type of blocking?
ps: user should only be able to SELECT with IMPALA and nothing else.
DDL should only work via HIVE.
Is it possible to do this type of blocking configuration?
Created 04-28-2022 11:45 PM
Hi @yagoaparecidoti ,
I do not think we have such option of blocking but as i know i think you can make it using sentry authorisation. If sentry is enabled in the cluster you should grant only "SELECT" privilege to all the users for all the databases/tables so if the users try any other DDL commands it will throw 'Authorisation exceptions".
Do refer the below documentation:
https://docs.cloudera.com/documentation/enterprise/6/6.3/topics/cm_sg_sentry_service.html
If you are using Ranger same can be achieved from ranger also.
Regards,
Chethan YM
Created 04-29-2022 05:34 AM
hi @ChethanYM
unfortunately we need to do this type of blocking only in IMPALA, in HIVE it has to work normally.
when blocking by sentry, it will be replicated for any type of access that the user will use, such as hive, impala, beeline, etc.