Impala

Prerequisites

A Hadoop cluster of E-MapReduce (EMR) V4.4.1 or later is created, and Ranger and Impala are selected from the optional services when you create the cluster. For more information, see Create a cluster.

Integrate Impala with Ranger

1. In the Alibaba Cloud EMR console, integrate Hive with Ranger. For more information, see Hive.
   Note In Ranger, Impala and Hive use the same Ranger service (emr-hive) to manage permissions. Therefore, you must configure Hive in Ranger first.

   Impala needs to download a policy of the emr-hive service. Therefore, when you specify the Add New Configurations parameter for the emr-hive service, you must add the impala user to Value for policy.download.auth.users in the Name column.
2. Enable Impala in Ranger.
   1. Go to the Cluster Management page in the Alibaba Cloud EMR console. Find your cluster and click Details in the Actions column.
   2. In the left-side navigation pane, choose Cluster Service > RANGER.
   3. On the Ranger service page, choose Actions > EnabledImpala in the upper-right corner.
      
   4. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.
3. Restart Impala.
   1. In the left-side navigation pane, choose Cluster Service > Impala.
   2. On the Impala service page, choose Actions > Restart All Components in the upper-right corner.
   3. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.

Examples of permission configurations

For example, you can perform the following steps to grant the foo user the SELECT permission on column a of the testdb.test table.

1. Log on to Ranger. For more information, see Overview.
2. Click emr-hive.
   

   The following figure shows the web UI of Ranger 2.1.0.
3. Click Add New Policy in the upper-right corner.
4. Configure permissions.
   

   Parameter	Description
   Policy Name	The name of the policy. You can customize a name.
   database	The name of the Hive database, such as testdb.
   table	The name of the table, such as test.
   Hive Column	The name of the column. You can set this parameter to an asterisk (*) to indicate all columns.
   Select Group	The user group to which you want to add this policy.
   Select User	The user to whom you want to add this policy.
   Permissions	The permissions to be granted.

5. Click Add.
   After the policy is added, authorization is completed. User foo can access the testdb.test table.

   Note After you add, remove, or modify a policy, it takes about one minute for the configuration to take effect.

Disable Impala in Ranger

If you do not need to use Ranger to manage permissions on Impala, you can perform the following steps to disable Impala in Ranger.

1. Disable Impala in Ranger.
   1. Go to the Cluster Management page in the Alibaba Cloud EMR console. Find your cluster and click Details in the Actions column.
   2. In the left-side navigation pane, choose Cluster Service > RANGER.
   3. On the Ranger service page, choose Actions > DisableImpala in the upper-right corner.
   4. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.
2. Restart Impala.
   1. In the left-side navigation pane, choose Cluster Service > Impala.
   2. On the Impala service page, choose Actions > Restart All Components in the upper-right corner.
   3. Perform the following operations on the cluster:
      1. In the Cluster Activities dialog box, specify Description and click OK.
      2. In the Confirm message, click OK.
      3. Click History in the upper-right corner to view the task progress.