Specifying trusted users
You can specify which users can view and modify data stored in Kudu. Additionally, some services that interact with Kudu may authorize requests on behalf of their end users.
It may be desirable to allow certain users to view and modify any data stored in Kudu. Such users can be specified via the --trusted_user_acl master configuration. Trusted users can perform any operation that would otherwise require fine-grained privileges, without Kudu consulting the authorization service.
Furthermore, some services that interact with Kudu can authorize requests on behalf
of their end users. For example, Apache Impala authorizes queries on behalf of its users, and
sends requests to Kudu as the Impala service user, commonly "impala". Since Impala authorizes
requests on its own, to avoid extraneous communication between the authorization service and
Kudu, the Impala service user should be listed as a trusted user.