| commit | a398f7992e8a94e20861ffe81d3a84f186c406da | [log] [tgz] |
|---|---|---|
| author | Fang-Yu Rao <fangyu.rao@cloudera.com> | Fri Jan 16 15:54:31 2026 -0800 |
| committer | Quanlong Huang <huangquanlong@gmail.com> | Fri Jan 30 10:15:46 2026 +0000 |
| tree | 2a51f92296e76ff0b5ba9f44afb6becb4fa55aec | |
| parent | 9220b9699fabbcf06b134a023807ce328e43a2ea [diff] |
IMPALA-10913: Produce Ranger audit log for SHOW DATABASES This patch makes Impala produce Ranger audit log for the SHOW DATABASES and the SHOW DATABASES LIKE statements. Moreover, this patch enforces the authorization check for the default database, meaning that the default database will not be shown if the requesting user is not authorized to view this database according to the Ranger policy repository. To support this new type of authorization check, we added the class AuthorizableDbList to represent the object to be accessed by those two statements. Note that this patch generates the same RangerAccessRequestImpl for the SHOW DATABASES statement as Hive does when Ranger is the authorization provider. Specifically, in https://github.com/apache/ranger/blob/668b80b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java#L806-L811 for the operation of SHOWDATABASES, the constructor of RangerHiveResource does not populate any field in RangerAccessResourceImpl with a non-null value. Moreover, when HiveAccessType.USE is passed to the constructor of RangerHiveAccessRequest, under the covers 'accessType' in RangerAccessRequestImpl will be set to "_any" as shown in RangerHiveAccessRequest#setHiveAccessType(). Testing: - Added test cases to make sure the Ranger audit event will be produced. - Added test cases to verify the database 'default' will not be shown if the requesting user is not allowed to discover the database based on the Ranger policy repository. Change-Id: Idb3e54b152e953916d3d7d7ef27c880a8559ed26 Reviewed-on: http://gerrit.cloudera.org:8080/23877 Reviewed-by: Quanlong Huang <huangquanlong@gmail.com> Tested-by: Impala Public Jenkins <impala-public-jenkins@cloudera.com>
Lightning-fast, distributed SQL queries for petabytes of data stored in open data and table formats.
Impala is a modern, massively-distributed, massively-parallel, C++ query engine that lets you analyze, transform and combine data from a variety of data sources:
The fastest way to try out Impala is a quickstart Docker container. You can try out running queries and processing data sets in Impala on a single machine without installing dependencies. It can automatically load test data sets into Apache Kudu and Apache Parquet formats and you can start playing around with Apache Impala SQL within minutes.
To learn more about Impala as a user or administrator, or to try Impala, please visit the Impala homepage. Detailed documentation for administrators and users is available at Apache Impala documentation.
If you are interested in contributing to Impala as a developer, or learning more about Impala's internals and architecture, visit the Impala wiki.
Impala only supports Linux at the moment. Impala supports x86_64 and has experimental support for arm64 (as of Impala 4.0). Impala Requirements contains more detailed information on the minimum CPU requirements.
Impala runs on Linux systems only. The supported distros are
Other systems, e.g. SLES12, may also be supported but are not tested by the community.
This distribution uses cryptographic software and may be subject to export controls. Please refer to EXPORT_CONTROL.md for more information.
See Impala's developer documentation to get started.
Detailed build notes has some detailed information on the project layout and build.