Creating external table pointing to an existing Kudu table using storage handler privileges

A user can now create an external Kudu table pointing to an existing Kudu table if the user is granted the RWSTORAGE privilege on the resource specified by a storage handler URI. Before this release, a user was required to have the ALL privilege on SERVER to create an external Kudu table for an existing Kudu table. This has been simplified by the introduction of a new type of resource called storage handler URI and a new access type called RWSTORAGE that will be supported by Apache Ranger.

For instance, to allow a user <usr> to create an external Kudu table based on an existing Kudu table 'impala::tpch_kudu.nation', it suffices for an administrator to execute the following command to grant the necessary privilege to the user <usr>, where "localhost" is the default address of the Kudu master host assuming there is only one single master host on the cluster.

GRANT RWSTORAGE ON
   STORAGEHANDLER_URI 'kudu://localhost/impala::tpch_kudu.nation'
   TO USER <usr>

For a user to create a new Kudu table in Impala, the RWSTORAGE privilege on a specific storage handler URI or the ALL privilege on SERVER are not required. A user is allowed to create such a Kudu table once the user is granted the privilege in Ranger's Hadoop SQL policy repository to create a table under the corresponding database.

For information on configuring a policy that allows authorized users to create data tables using storage handlers, see the link under Related Information.