vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/component-operation-guide-lts/mrs_01_1728.html
Yang, Tong 3f5759eed2 MRS comp-lts 2.0.38.SP20 version 
Reviewed-by: Hasko, Vladimir <vladimir.hasko@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2023-01-19 17:08:45 +00:00

19 lines
2.9 KiB
HTML
Raw Blame History

<a name="mrs_01_1728"></a><a name="mrs_01_1728"></a>
<h1 class="topictitle1">Permission Principles and Constraints</h1>
<div id="body32001227"><div class="section" id="mrs_01_1728__en-us_topic_0000001173949668_section215794353118"><h4 class="sectiontitle">General Constraints</h4><ul id="mrs_01_1728__en-us_topic_0000001173949668_ul31769501208"><li id="mrs_01_1728__en-us_topic_0000001173949668_li131766501508">Access data sources in the same cluster using <span id="mrs_01_1728__en-us_topic_0000001173949668_text13528591239">HetuEngine</span><p id="mrs_01_1728__en-us_topic_0000001173949668_p1270113219329">If Ranger authentication is enabled for <span id="mrs_01_1728__en-us_topic_0000001173949668_text1992533513111">HetuEngine</span>, the PBAC permission policy of Ranger is used for authentication.</p>
<p id="mrs_01_1728__en-us_topic_0000001173949668_p3202131113360">If Ranger authentication is disabled for <span id="mrs_01_1728__en-us_topic_0000001173949668_text19202141173617">HetuEngine</span>, the RBAC permission policy of MetaStore is used for authentication.</p>
</li></ul>
<ul id="mrs_01_1728__en-us_topic_0000001173949668_ul1567616549014"><li id="mrs_01_1728__en-us_topic_0000001173949668_li136768541404">Access data sources in different clusters using <span id="mrs_01_1728__en-us_topic_0000001173949668_text62601231112416">HetuEngine</span><p id="mrs_01_1728__en-us_topic_0000001173949668_p1712210124114">The permission policy is controlled by the permissions of the <span id="mrs_01_1728__en-us_topic_0000001173949668_text183445216113">HetuEngine</span> client and the data source. (In Hive scenarios, it depends on HDFS.)</p>
</li><li id="mrs_01_1728__en-us_topic_0000001173949668_li18687302082">HetuEngine users do not support the <strong id="mrs_01_1728__en-us_topic_0000001173949668_b1038061915407">supergroup</strong> user group.</li><li id="mrs_01_1728__en-us_topic_0000001173949668_li65081622205">When querying a view, you only need to grant the select permission on the target view. When querying a join table using a view, you need to grant the select permission on the view and table.</li></ul>
</div>
<div class="note" id="mrs_01_1728__en-us_topic_0000001173949668_en-us_topic_0254454613_note14718175117"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="mrs_01_1728__en-us_topic_0000001173949668_p3182621227">When the permission control type of <span id="mrs_01_1728__en-us_topic_0000001173949668_text13911241525">HetuEngine</span> is changed, the <span id="mrs_01_1728__en-us_topic_0000001173949668_text12305666217">HetuEngine</span> service, including the <span id="mrs_01_1728__en-us_topic_0000001173949668_text183653305390">HetuEngine</span> compute instance running on Yarn, needs to be restarted.</p>
</div></div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="mrs_01_1721.html">HetuEngine Permission Management</a></div>
</div>
</div>
View Git Blame Copy Permalink