vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1728.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

2.9 KiB
Raw Permalink Blame History

Permission Principles and Constraints

General Constraints

  • Access data sources in the same cluster using HetuEngine

    If Ranger authentication is enabled for HetuEngine, the PBAC permission policy of Ranger is used for authentication.

    If Ranger authentication is disabled for HetuEngine, the RBAC permission policy of MetaStore is used for authentication.

  • Access data sources in different clusters using HetuEngine

    The permission policy is controlled by the permissions of the HetuEngine client and the data source. (In Hive scenarios, it depends on HDFS.)

  • HetuEngine users do not support the supergroup user group.
  • When querying a view, you only need to grant the select permission on the target view. When querying a join table using a view, you need to grant the select permission on the view and table.

When the permission control type of HetuEngine is changed, the HetuEngine service, including the HetuEngine compute instance running on Yarn, needs to be restarted.