This topic describes how to enable or disable overall permissions for the catalog.
Procedure
Enable permissions
Log on to the Data Lake Formation console.
In the left-side navigation pane, click .
When the permission control of the target Catalog List is in a shutdown status, click Whether to Enable Permission Control column's
, in the pop-up confirmation box, click OK to complete permission enabling.
After enabling permissions, access to metadata and data will perform permission verification. Please conduct a business assessment before enabling permissions. The impact after enabling permissions is as follows:
The metadata management and data exploration features of DLF will be subject to access control. If the user is not granted permission, they cannot access the corresponding metadata and data.
In E-MapReduce, if permission controls for engines, such as Hive, Spark, Presto and Impala, are enabled simultaneously, then when accessing data through these engines, users who have not been granted permissions will not be able to access the corresponding data. For how to enable DLF-AUTH permissions in EMR, see DLF-Auth.
Disable permissions
In the left-side navigation pane, click .
When the permission control of the target catalog list is in an enabled status, click Whether to Enable Permission Control column's
, in the pop-up confirmation box, click OK to complete permission disabling.
After disabling permissions, access to metadata and data will no longer perform permission verification. Please conduct a business assessment before disabling permissions. The impact after disabling permissions is as follows:
The metadata management and data exploration features of DLF will no longer be subject to access control. Regardless of whether the user has data permissions, as long as they have menu permissions, they can access any data.
In E-MapReduce, to disable permissions, related disable operations must be performed on DLF-AUTH. For example, to disable Hive permissions, execute the disableHive operation in the DLF-AUTH component.