Database Reference
In-Depth Information
Impala security guidelines for a higher
level of protection
Now let's take a look at the security guidelines for Impala, which could improve the se-
curity against malicious intruders, unauthorized access, accidents, and common mis-
takes. Here is the comprehensive list, which definitely can harden a cluster running
Impala:
• Impala specific guidelines
• Make sure that the Hadoop ownership and permissions for Impala
data files are restricted
• Make sure that the Hadoop ownership and permissions for Impala
audit logs files are restricted
• Make sure that the Impala web UI is password protected
• Enable authorization by executing impalad daemons with
-serv-
er_name
and
-authorization_policy_file
options on all
nodes
• When creating databases, tables, and views, using tables and other
databases structures allow policy rules to specify simple and consist-
ent rules
• System specific guidelines
• Create a policy file that specifies which Impala privileges are available
to users in particular Hadoop groups
• Make sure that the Kerberos authentication is enabled and working
with Impala
• Tighten the HDFS file ownership and permission mechanism
• Keeping a long list of sudoers is definitely a big red flag. Keep the list
of sudoers to a bare minimum to stop unauthorized and unwanted ac-
cess
• Secure the Hive metastore from unwanted and unauthorized access
