Database Reference
In-Depth Information
The SELECT privilege
The
SELECT
privilege allows the user to read the data from a table. If users use
SHOW DATABASES
and
SHOW TABLES
statements, only objects for which a user has
this privilege will be shown in the output and the same goes with the
REFRESH
and
INVALIDATE METADATA
statements. These statements will only access metadata
for tables for which the user has this privilege.
The INSERT privilege
The
INSERT
privilege applies only to the
INSERT
and
LOAD DATA
statements, and
allows the user to write data into a table.
The ALL privilege
With the
ALL
privilege users can create or modify any object. This access privilege
is needed to execute DDL statements, that is,
CREATE TABLE
,
ALTER TABLE
, or
DROP TABLE
for a table,
CREATE DATABASE
or
DROP DATABASE
for a database,
or
CREATE VIEW
,
ALTER VIEW
, or
DROP VIEW
for a view.
Here are a few examples of how you can set the described privileges:
GRANT SELECT on TABLE table_name TO USER
user_name
GRANT ALL on TABLE table_name TO GROUP
group_name
Authentication through Kerberos
Authentication means verifying the credentials and confirming the identity of the user
before processing the request. Impala uses Kerberos security subsystems to au-
thenticate the user and his or her identity.
In the Cloudera Hadoop distribution, the Kerberos security can be enabled through
Cloudera Manager. Running Impala in a managed environment, Cloudera Manager
automatically completes the Kerberos configuration. At the time of writing this topic,
