Configuring User Permissions for Spark Tables, Columns, and Databases
Scenarios
To access tables or databases created by other users, you can configure the related permissions. SparkSQL supports column-based permission control: if a user needs to access some columns in tables created by other users, the user must be granted permission on those columns. The following describes how to grant table, column, and database permissions to users by using the role management function of Manager.
Procedure
The operations for granting permissions on SparkSQL tables, columns, and databases are the same as those for Hive. For details, see Hive User Permission Management.
- Any permission granted on a table in the database is automatically linked to the HDFS permission on the database directory, simplifying permission management. When any permission on a table is revoked, the system does not automatically revoke the HDFS permission on the database directory. This design choice helps maintain performance. As a result, users may still be able to access the database directory and view table names.
- If you add or remove query permission for a database role, the corresponding query permission for tables in that database will also be added or removed automatically. This mechanism is inherited from Hive.
- In Spark, the column name of the struct data type cannot contain special characters, that is, characters other than letters, digits, and underscores (_). If the column name of the struct data type contains special characters, the column cannot be displayed on FusionInsight Manager when you grant permissions to roles on the role page.
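The stale-access case in the first note above can be checked by comparing the database directory's HDFS ACL with the principals that still hold table permissions. This is an added example, not part of the product documentation; it assumes the linked HDFS permission appears as named ACL entries in `hdfs dfs -getfacl` output, and the path, principals, and function names are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `hdfs dfs -getfacl <dir>`.
SAMPLE_GETFACL = """\
# file: /user/hive/warehouse/sales.db
# owner: dbowner
# group: hive
user::rwx
user:alice:r-x
user:bob:rwx\t#effective:r-x
group::---
group:analysts:r-x
group:interns:--x
mask::r-x
other::---
default:user:carol:r-x
"""

ENTRY_RE = re.compile(r"^(user|group|mask):([^:]*):([r-][w-][x-])$")


def effective_named_acl(getfacl_text):
    """Return {(kind, name): effective perms} for named access ACL entries."""
    named, mask = {}, "rwx"
    for raw in getfacl_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops headers and "#effective:" notes
        m = ENTRY_RE.match(line)             # "default:" and "other" lines do not match
        if not m:
            continue
        kind, name, perms = m.groups()
        if kind == "mask":
            mask = perms
        elif name:                           # empty name = owning user/group, skip
            named[(kind, name)] = perms
    # The mask caps what named users and groups actually get.
    return {k: "".join(p if p == q else "-" for p, q in zip(v, mask))
            for k, v in named.items()}


def stale_directory_access(getfacl_text, principals_with_table_grants):
    """Named principals that can still list the database directory (HDFS "r")
    but hold no remaining table permission in that database."""
    return sorted((kind, name, perms)
                  for (kind, name), perms in effective_named_acl(getfacl_text).items()
                  if perms[0] == "r" and (kind, name) not in principals_with_table_grants)


if __name__ == "__main__":
    # Assumption: this set comes from a review of the current role assignments.
    still_granted = {("user", "alice"), ("group", "analysts")}
    for kind, name, perms in stale_directory_access(SAMPLE_GETFACL, still_granted):
        print(f"review: {kind} {name} keeps {perms} on the database directory")
```

Entries it reports are candidates for manual cleanup of the directory permission, since revoking the table permission does not remove it.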
Concepts
SparkSQL statements are processed in SparkSQL. Table 1 describes the permission requirements.
| Scenario | Required Permission |
|---|---|
| CREATE TABLE | CREATE, RWX+ownership (for creating external tables - the location). NOTE: When creating datasource tables in a specified file path, the RWX and ownership permission on the file next to the path is required. |
| DROP TABLE | Ownership (of table) |
| DROP TABLE PROPERTIES | Ownership |
| DESCRIBE TABLE | Select |
| SHOW PARTITIONS | Select |
| ALTER TABLE LOCATION | Ownership, RWX+ownership (for new location) |
| ALTER PARTITION LOCATION | Ownership, RWX+ownership (for new partition location) |
| ALTER TABLE ADD PARTITION | Insert, RWX and ownership (for partition location) |
| ALTER TABLE DROP PARTITION | Delete |
| ALTER TABLE (all of them except the ones above) | Update, Ownership |
| TRUNCATE TABLE | Ownership |
| CREATE VIEW | Select, Grant Of Select, and CREATE |
| ALTER VIEW PROPERTIES | Ownership |
| ALTER VIEW RENAME | Ownership |
| ALTER VIEW ADD PARTS | Ownership |
| ALTER VIEW AS | Ownership |
| ALTER VIEW DROPPARTS | Ownership |
| ANALYZE TABLE | Search, Insert |
| SHOW COLUMNS | Select |
| SHOW TABLE PROPERTIES | Select |
| CREATE TABLE AS SELECT | Select, CREATE |
| SELECT | Select. NOTE: The same as tables, you need to have the Select permission on a view when performing a SELECT operation on the view. |
| INSERT | Insert, Delete (for overwrite) |
| LOAD | Insert, Delete, RWX+ownership (input location) |
| SHOW CREATE TABLE | Select and Grant Of Select |
| CREATE FUNCTION | ADMIN |
| DROP FUNCTION | ADMIN |
| DESC FUNCTION | - |
| SHOW FUNCTIONS | - |
| MSCK (metastore check) | Ownership |
| ALTER DATABASE | ADMIN |
| CREATE DATABASE | - |
| SHOW DATABASES | - |
| EXPLAIN | Select |
| DROP DATABASE | Ownership |
| DESC DATABASE | - |
| CACHE TABLE | Select |
| UNCACHE TABLE | Select |
| CLEAR CACHE TABLE | ADMIN |
| REFRESH TABLE | Select |
| ADD FILE | ADMIN |
| ADD JAR | ADMIN |
| HEALTHCHECK | - |