Apache Impala ReferencePDF version

Creating external table pointing to an existing Kudu table using storage handler privileges

A user can now create an external Kudu table pointing to an existing Kudu table if the user is granted the RWSTORAGE privilege on the resource specified by a storage handler URI. Before this release, a user was required to have the ALL privilege on SERVER to create an external Kudu table for an existing Kudu table. This has been simplified by the introduction of a new type of resource called storage handler URI and a new access type called RWSTORAGE that will be supported by Apache Ranger.

For instance, to allow a user <usr> to create an external Kudu table based on an existing Kudu table 'impala::tpch_kudu.nation', it suffices for an administrator to execute the following command to grant the necessary privilege to the user <usr>, where "localhost" is the default address of the Kudu master host assuming there is only one single master host on the cluster.

GRANT RWSTORAGE ON
   STORAGEHANDLER_URI 'kudu://localhost/impala::tpch_kudu.nation'
   TO USER <usr>

For a user to create a new Kudu table in Impala, the RWSTORAGE privilege on a specific storage handler URI or the ALL privilege on SERVER are not required. A user is allowed to create such a Kudu table once the user is granted the privilege in Ranger's Hadoop SQL policy repository to create a table under the corresponding database.

For information on configuring a policy that allows authorized users to create data tables using storage handlers, see the link under Related Information.

We want your opinion

How can we improve this page?

What kind of feedback do you have?