Ranger policies allowing create privilege for Hadoop_SQL databases
Users with authorized access through Ranger policies in Hadoop SQL with at least one of the following permissions can create databases.
In CDP, an authorized user can create Hadoop_SQL databases with or without specifying
location. If you do not specify location, then the database is created in the
default HDFS location used by Hadoop_SQL. If you specify location, then the database
is created in the HDFS location you specify.
- A user creating databases with location clauses requires one of the
following additional access:
- direct read and write access to the HDFS location
-
a Ranger Hadoop_SQL URL policy that provides the user all permissions on the HDFS location
- A hive user creating databases with location clauses must have all
permissions on the HDFS location using one of the following:
- an appropriate HDFS POSIX permission
- HDFS ACL
- HDFS Ranger policy
| User | Permission | Database | Table | Column | UDF |
|---|---|---|---|---|---|
| hive and impala | all | all (database=*) | |||
| all (database=*) | all (table=*) | ||||
| all (database=*) | all (table=*) | all (column=*) | |||
| all (database=*) | udf=* | ||||
| hive and impala | create | all (database=*) | |||
| all (database=*) | all (table=*) | ||||
| all (database=*) | all (table=*) | all (column=*) | |||
| all (database=*) | udf=* |
