You learn how to set up the second required policy for using Iceberg. This policy
manages SQL query access to Iceberg tables.
In this task, you create a Hadoop SQL policy to allow a user to query an Iceberg
table in a database. You set the conditions that allow (or deny) the selected user the
following query permissions on the table: Select, Update, Create, Drop, Alter, and All.
For more information about creating a policy, see Ranger documentation.
Log into Ranger Admin Web UI.
The Ranger Service Manager appears:
On the Service Manager page, select an existing HadoopSQL service.
The List of Policies page appears.
Click Add New Policy.
Fill in required fields.
For example, enter the following required settings:
In Policy Name, set the name of the policy,
for example IcebergPolicy1.
In database, set the name of the database
controlled by this policy, for example icedb.
In table, set the name of the table controlled by
this policy, for example icetable.
In columns, set the name of the column controlled
by this policy, for example enter the wildcard asterisk (*) to allow
access to all columns of icetable.
Accept defaults for other settings.
Scroll down to Allow Conditions, and select the user you
want to access the table.
You can use Deny All Other Accesses to deny access to all other users,
groups, and roles other than those specified in the allow conditions for the
policy.
Select permissions to give the user.
For example, select Create, Select, and Alter. Alternatively, to provide
the broadest permissions, select All.
Ignore RW Storage and other permissions not named after SQL queries. These are
for future implementations.