impala-reviews mailing list archives

From "Matthew Jacobs (Code Review)" <>
Subject [Impala-ASF-CR] IMPALA-5489: Improve Sentry authorization for Kudu tables
Date Tue, 27 Jun 2017 21:22:07 GMT
Matthew Jacobs has uploaded a new change for review.

Change subject: IMPALA-5489: Improve Sentry authorization for Kudu tables

IMPALA-5489: Improve Sentry authorization for Kudu tables

IMPALA-4000 added basic authorization support for Kudu
tables, but it had several limitations:
* Only the ALL privilege level can be granted to Kudu tables.
  (Finer-grained levels such as only SELECT or only INSERT are
  not supported.)
* Column level permissions on Kudu tables are not supported.
* Only users with ALL privileges on SERVER may create external
  Kudu tables.

This patch relaxes the restrictions to allow:
* Allow column-level permissions
* Allow fine-grained privileges SELECT and INSERT for those
  statement types.

However, DELETE/UPDATE/UPSERT privileges still require ALL (or
SELECT and INSERT) because Sentry doesn't have fine-grained
privilege actions for those types yet.

Change-Id: Ib12d2b32fa3e142e69bd8b0f24f53f9e5cbf7460
Testing: Adds FE and EE tests.
M fe/src/main/java/org/apache/impala/analysis/
M fe/src/test/java/org/apache/impala/analysis/
M fe/src/test/java/org/apache/impala/analysis/
M testdata/workloads/functional-query/queries/QueryTest/grant_revoke.test
4 files changed, 66 insertions(+), 22 deletions(-)

  git pull ssh:// refs/changes/07/7307/1

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib12d2b32fa3e142e69bd8b0f24f53f9e5cbf7460
Gerrit-PatchSet: 1
Gerrit-Project: Impala-ASF
Gerrit-Branch: master
Gerrit-Owner: Matthew Jacobs <>
