Editing a storage handler policy to access Iceberg files on HDFS or S3
You learn how to edit the existing default Hadoop SQL Storage Handler policy to access files. This policy is one of the two Ranger policies required to use Iceberg.
In this task, you specify Iceberg as the storage-type and allow the broadest access by setting the URL to *.
The Hadoop SQL Storage Handler policy supports only the RW Storage permission. A user having the required RW Storage permission on a resource, such as Iceberg, that you specify in the storage-type properties, is allowed only to reference the table location (for create/alter operations) in Iceberg. The RW Storage permission does not provide access to any table data. You need to create the Hadoop SQL policy described in the next topic in addition to this Hadoop SQL Storage Handler policy to access data in tables.
For more information about these policy settings, see Ranger Storage Handler documentation.
Log into Ranger Admin Web UI.
The Ranger Service Manager appears:
In Policy Name, enable the all - storage-type,
- In Service Manager, in Hadoop SQL, select Edit and edit the all storage-type, storage-url policy.
- Below Policy Label, select storage-type, and enter iceberg..
In Storage URL, enter the value *, enable Include.
For more information about these policy settings, see Ranger storage handler documentation.
In Allow Conditions, specify roles, users, or groups to whom you want to grant
RW storage permissions.
You can specify
PUBLICto grant access to Iceberg tables permissions to all users. Alternatively, you can grant access to one user. For example, add the systest user to the list of users who can access Iceberg:For more information about granting permissions, see Configure a resource-based policy: Hadoop-SQL.
- Add the RW Storage permission to the policy.
- Save your changes.