Permission Principles and Constraints
General Constraints
- Access data sources in the same cluster using HetuEngine
If Ranger authentication is enabled for HetuEngine, the PBAC permission policy of Ranger is used for authentication.
If Ranger authentication is disabled for HetuEngine, the RBAC permission policy of MetaStore is used for authentication.
- Access data sources in different clusters using HetuEngine
The permission policy is controlled by the permissions of the HetuEngine client and the data source. (In Hive scenarios, it depends on HDFS.)
- HetuEngine users do not support the supergroup user group.
- When querying a view, you only need to grant the select permission on the target view. When querying a join table using a view, you need to grant the select permission on the view and table.
When the permission control type of HetuEngine is changed, the HetuEngine service, including the HetuEngine compute instance running on Yarn, needs to be restarted.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.