Kudu authorization policies

Review the authorization policies that are enforced by Kudu masters and Kudu tablet servers.

Policy for Kudu masters

The following authorization policy is enforced by Kudu masters:

Table 1. Authorization Policy for Masters
Operation	Required Privilege
`CreateTable`	`CREATE ON DATABASE`
`CreateTable` with a different owner specified than the requesting user	`ALL ON DATABASE` with the Sentry `GRANT OPTION`.
`DeleteTable`	`DROP ON TABLE`
`AlterTable` (with no rename)	`ALTER ON TABLE`
`AlterTable` (with rename)	`ALL ON TABLE <old-table>` and `CREATE ON DATABASE <new-database>`
`IsCreateTableDone`	`METADATA ON TABLE`
`IsAlterTableDone`	`METADATA ON TABLE`
`ListTables`	`METADATA ON TABLE`
`GetTableLocations`	`METADATA ON TABLE`
`GetTableSchema`	`METADATA ON TABLE`
`GetTabletLocations`	`METADATA ON TABLE`

Policy for Kudu tablet servers

The following authorization policy is enforced by Kudu tablet servers:

Table 2. Authorization Policy for Tablet Servers
Operation	Required Privilege
`Scan`	`SELECT ON TABLE`, or `METADATA ON TABLE` and `SELECT ON COLUMN` for each projected column and each predicate column
`Scan` (no projected columns, equivalent to `COUNT(*)`)	`SELECT ON TABLE`, or `SELECT ON COLUMN` for each column in the table
`Scan` (with virtual columns)	`SELECT ON TABLE`, or `SELECT ON COLUMN` for each column in the table
`Scan` (in `ORDERED` mode)	`<privileges required for a Scan>` and `SELECT ON COLUMN` for each primary key column
`Insert`	`INSERT ON TABLE`
`Update`	`UPDATE ON TABLE`
`Upsert`	`INSERT ON TABLE` and `UPDATE ON TABLE`
`Delete`	`DELETE ON TABLE`
`SplitKeyRange`	`SELECT ON COLUMN` for each primary key column and `SELECT ON COLUMN`for each projected column
`Checksum`	User must be configured in `--superuser_acl`
`ListTablets`	User must be configured in `--superuser_acl`