Cloudera Docs

Specifying trusted users

You can specify which users can view and modify data stored in Kudu. Additionally, some services that interact with Kudu may authorize requests on behalf of their end users.

It may be desirable to allow certain users to view and modify any data stored in Kudu. Such users can be specified via the --trusted_user_acl master configuration. Trusted users can perform any operation that would otherwise require fine-grained privileges, without Kudu consulting the authorization service.

Furthermore, some services that interact with Kudu can authorize requests on behalf of their end users. For example, Apache Impala authorizes queries on behalf of its users, and sends requests to Kudu as the Impala service user, commonly "impala". Since Impala authorizes requests on its own, to avoid extraneous communication between the authorization service and Kudu, the Impala service user should be listed as a trusted user.
  1. In Cloudera Manager, navigate to Kudu > Configuration.
  2. Find the Master Advanced Configuration Snippet (Safetz Valve) for gflagfile propertz.
  3. Click View as XML and add the following configuration: 
    --trusted_user_acl=impala,hive,kudu,rangeradmin,[***TRUSTED USER***]
  4. Click Save Changes.
  5. Restart the Kudu service.