Ranger policies for Kudu
There are two Kudu related Ranger policies which are applied based on how you are accessing Kudu.
There are two resource-based services in Ranger that are used in relation to Kudu:
The Kudu service and its connected clients, such as Spark, native C++, and Java clients, use
cm_kudu resource-based service.
Hadoop SQL resource-based service is used by Hive and Impala when Kudu is
accessed through them.
When Kudu is accessed by Impala, the Impala service performs actions as the
impala user in Kudu. The
impala user is set as a trusted user
in Kudu, meaning that privilege checks are completely bypassed and the impala user is granted
full access. As a result, the
cm_kudu resource-based service is not applied,
Hadoop SQL resource-based service is used to check for permission and
As a result, when you are accessing Kudu through Hive or Impala, you must ensure that all
applicable permission and privileges are configured in the