CREATE ROLE statement
The CREATE ROLE
statement creates a role to which privileges can be granted. Privileges can be granted to roles,
which can then be assigned to users. A user that has been assigned a role will only be able to
exercise the privileges of that role. Only users that have administrative privileges can
create/drop roles. By default, the hive
, impala
and
hue
users have administrative privileges in Sentry.
Syntax:
CREATE ROLE role_name
Required privileges:
Only administrative users (those with ALL
privileges on the server, defined in the Sentry
policy file) can use this statement.
Compatibility:
Impala makes use of any roles and privileges specified by the GRANT
and
REVOKE
statements in Hive, and Hive makes use of any roles and privileges specified by the
GRANT
and REVOKE
statements in Impala. The Impala GRANT
and REVOKE
statements for privileges do not require the ROLE
keyword to be
repeated before each role name, unlike the equivalent Hive statements.
Cancellation: Cannot be cancelled.
HDFS permissions: This statement does not touch any HDFS files or directories, therefore no HDFS permissions are required.