When using impala under CDH 5.15, refreshing functions under specifc databases by some user will got an error like "AuthorizationException : user aaa does not have privileges to access: server" .
The system is centry enabled with kerberos.
What privileges shall we grant to the user ?
CREATE DATABASE shared_udfs; USE shared_udfs; ...use CREATE FUNCTION statements in Hive to create some Java-based UDFs that Impala is not initially aware of... REFRESH FUNCTIONS shared_udfs; SELECT udf_created_by_hive(c1) FROM ...
It seems that only db_name is needed according to
REFRESH FUNCTIONS db_name
And in 2.X version of impala the only way is to grant all on server to the role, while in Impala 3.0 and higher the minimum level of privileges required by refresh functions is to grant refresh on database to the role.