This topic describes how to integrate Impala with Ranger and how to configure related permissions.

Background information

After Impala is integrated with Ranger, you can use Ranger to manage the permissions that apply when you access data in Hive tables by using impala-shell commands, Hue, or Java Database Connectivity (JDBC).

Prerequisites

A Hadoop cluster of E-MapReduce (EMR) V4.4.1 or later is created, and Ranger and Impala are selected from the optional services when you create the cluster. For more information, see Create a cluster.

Integrate Impala with Ranger

  1. In the Alibaba Cloud EMR console, integrate Hive with Ranger. For more information, see Hive.
    Note: In Ranger, Impala and Hive use the same Ranger service (emr-hive) to manage permissions. Therefore, you must configure Hive in Ranger first.
    Impala needs to download the policies of the emr-hive service. Therefore, under Add New Configurations for the emr-hive service, add the impala user to the Value of the entry whose Name is policy.download.auth.users.
  2. Enable Impala in Ranger.
    1. Go to the Cluster Management page in the Alibaba Cloud EMR console. Find your cluster and click Details in the Actions column.
    2. In the left-side navigation pane, choose Cluster Service > RANGER.
    3. On the Ranger service page, choose Actions > EnabledImpala in the upper-right corner.
    4. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.
  3. Restart Impala.
    1. In the left-side navigation pane, choose Cluster Service > Impala.
    2. On the Impala service page, choose Actions > Restart All Components in the upper-right corner.
    3. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.

Examples of permission configurations

Note: In Ranger, you cannot configure row-level filtering of Hive data or role-based permissions for Impala.

For example, you can perform the following steps to grant the foo user the SELECT permission on column a of the testdb.test table.

  1. Log on to Ranger. For more information, see Overview.
  2. Click emr-hive.
    The following figure shows the web UI of Ranger 2.1.0.
  3. Click Add New Policy in the upper-right corner.
  4. Configure permissions.
    Parameter       Description
    Policy Name     The name of the policy. You can customize a name.
    database        The name of the Hive database, such as testdb.
    table           The name of the table, such as test.
    Hive Column     The name of the column. You can set this parameter to an asterisk (*) to indicate all columns.
    Select Group    The user group to which you want to add this policy.
    Select User     The user to whom you want to add this policy.
    Permissions     The permissions to be granted.
  5. Click Add.
    After the policy is added, authorization is completed. User foo can access the testdb.test table.
    Note: After you add, remove, or modify a policy, it takes about one minute for the configuration to take effect.
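The policy from the steps above, written as JSON and checked before it is applied. This is an added example, not part of the original topic or of EMR or Ranger code. The JSON layout follows Ranger's policy model, the policy name and the function names are assumptions made for illustration, and nothing is sent to a Ranger server.

```python
import json

def build_column_policy(name, database, table, columns, users, accesses, service="emr-hive"):
    """Build an access policy in the JSON shape of Ranger's policy model."""
    return {
        "service": service,          # Impala shares the emr-hive service with Hive
        "name": name,
        "policyType": 0,             # 0 = access policy
        "isEnabled": True,
        "resources": {
            "database": {"values": [database]},
            "table": {"values": [table]},
            "column": {"values": list(columns)},
        },
        "policyItems": [{
            "users": list(users),
            "groups": [],
            "roles": [],
            "accesses": [{"type": a, "isAllowed": True} for a in accesses],
            "delegateAdmin": False,
        }],
    }

def lint_for_impala(policy):
    """Return findings for over-broad settings and for features this topic rules out for Impala."""
    findings = []
    if policy.get("policyType", 0) == 2 or policy.get("rowFilterPolicyItems"):
        findings.append("row-filter: row-level filtering cannot be configured for Impala")
    for res in ("database", "table", "column"):
        if "*" in policy.get("resources", {}).get(res, {}).get("values", []):
            findings.append(f"wildcard-{res}: '*' matches every {res}")
    for item in policy.get("policyItems", []):
        if item.get("roles"):
            findings.append("roles: role-based permissions cannot be configured for Impala")
        if "public" in item.get("groups", []):
            findings.append("public-group: the policy applies to every user")
        if item.get("delegateAdmin"):
            findings.append("delegate-admin: grantees can administer this resource")
    return findings

# The example from this topic: user foo, SELECT on column a of testdb.test.
# The policy name is a constructed value.
PAGE_POLICY = build_column_policy(
    "foo-select-testdb-test-a", "testdb", "test", ["a"], ["foo"], ["select"])

if __name__ == "__main__":
    print(json.dumps(PAGE_POLICY, indent=2))
    print(lint_for_impala(PAGE_POLICY) or "no findings")
```

A policy that sets Hive Column to an asterisk (*) is reported as wildcard-column, which makes a grant wider than the single column intended here easy to catch in review.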

Disable Impala in Ranger

If you do not need to use Ranger to manage permissions on Impala, you can perform the following steps to disable Impala in Ranger.

  1. Disable Impala in Ranger.
    1. Go to the Cluster Management page in the Alibaba Cloud EMR console. Find your cluster and click Details in the Actions column.
    2. In the left-side navigation pane, choose Cluster Service > RANGER.
    3. On the Ranger service page, choose Actions > DisableImpala in the upper-right corner.
    4. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.
  2. Restart Impala.
    1. In the left-side navigation pane, choose Cluster Service > Impala.
    2. On the Impala service page, choose Actions > Restart All Components in the upper-right corner.
    3. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.