Database Reference
In-Depth Information
Impala security
Impala is designed and developed to run on top of Hadoop. So you must understand
the Hadoop security model as well as the security provided in the OS where Hadoop
is running. If Hadoop is running on Linux, then a Linux administrator and Hadoop ad-
ministrator user can tighten the security, which definitely can be taken into account
with the security provided by Impala. Impala 1.1 or higher uses Sentry Open Source
Project to provide a detailed authorization framework for Hadoop. Impala 1.1.1 sup-
ports auditing capabilities in a cluster by creating auditing data, which can be collected
from all nodes and then processed for further analysis and insight.
Here, in this chapter, we will talk about the security features provided by Impala. To
start with Impala security, we can consider the following types of security features.
Authorization
Authorization means "who can access the data resources" and "what kind of action is
approved for which user." Impala uses the Linux OS user ID of the user who started
the Impala shell process or another client application. This user ID is associated with
other privileges to be used with Impala. With Impala 1.1, the Open Source Sentry pro-
ject is used for authorization. so users can learn more by accessing relevant informa-
tion in this regard.
Impala uses the same authorization privilege model that is used with other database
systems, that is, MySQL and Hive. In Impala, privilege is granted to various kinds of
objects in schema. Any privilege that can be granted is associated with a level in the
object hierarchy. For example, if a container object is given privilege, the child object
automatically inherits it.
Currently only Server Name, URI, Databases, and Tables can be used to restrict priv-
ileges; however, partition- or column-level restriction is not supported.
Following this we will learn how a restricted set of privileges determines what you can
do with each object.
