Creating a policy to query an Iceberg table

You learn how to set up the second required policy for using Iceberg. This policy manages SQL query access to Iceberg tables.

In this task, you create a Hadoop SQL policy to allow a user to query an Iceberg table in a database. You set the conditions that allow (or deny) the selected user the following query permissions on the table: Select, Update, Create, Drop, Alter, and All. For more information about creating a policy, see Ranger documentation.
  1. Log into Ranger Admin Web UI.
    The Ranger Service Manager appears:
  2. On the Service Manager page, select an existing HadoopSQL service.
    The List of Policies page appears.
  3. Click Add New Policy.
  4. Fill in required fields.
    For example, enter the following required settings:
    • In Policy Name, set the name of the policy, for example IcebergPolicy1.

    • In database, set the name of the database controlled by this policy, for example icedb.

    • In table, set the name of the table controlled by this policy, for example icetable.
    • In columns, set the name of the column controlled by this policy, for example enter the wildcard asterisk (*) to allow access to all columns of icetable.
    • Accept defaults for other settings.
    Ranger > Create HadoopSQL Policy page.
  5. Scroll down to Allow Conditions, and select the user you want to access the table.
    You can use Deny All Other Accesses to deny access to all other users, groups, and roles other than those specified in the allow conditions for the policy.
  6. Select permissions to give the user.
    For example, select Create, Select, and Alter. Alternatively, to provide the broadest permissions, select All.
    Ignore RW Storage and other permissions not named after SQL queries. These are for future implementations.
  7. Click Add.