Creating a SQL policy to query an Iceberg table

You learn how to set up the second required policy for using Iceberg. This policy manages SQL query access to Iceberg tables.

You create a Hadoop SQL policy to allow roles, groups, or users to query an Iceberg table in a database. In this task, you see an example of just one of many ways to configure the policy conditions. You grant (allow) the selected roles, groups, or users the following add or edit permissions on the table: Select, Update, Create, Drop, Alter, and All. You can also deny permissions.

For more information about creating this policy, see Ranger documentation.
  1. Log into Ranger Admin Web UI.
    The Ranger Service Manager appears.
  2. Click Add New Policy.
  3. Fill in required fields.
    For example, enter the following required settings:
    • In Policy Name, enter the name of the policy, for example IcebergPolicy1.

    • In database, enter the name of the database controlled by this policy, for example icedb.

    • In table, enter the name of the table controlled by this policy, for example icetable.
    • In columns, enter the name of the column controlled by this policy, for example enter the wildcard asterisk (*) to allow access to all columns of icetable.
    • Accept defaults for other settings.
    Ranger > Create HadoopSQL Policy page.
  4. Scroll down to Allow Conditions, and select the roles, groups, or users you want to access the table.
    You can use Deny All Other Accesses to deny access to all other roles, groups, or users other than those specified in the allow conditions for the policy.
  5. Select permissions to grant.
    For example, select Create, Select, and Alter. Alternatively, to provide the broadest permissions, select All.
    Ignore RW Storage and other permissions not named after SQL queries. These are for future implementations.
  6. Click Add.