impala/docs/topics/impala_create_role.xml
Jim Apple 3be0f122a5 IMPALA-3398: Add docs to main Impala branch.
These are refugees from doc_prototype. They can be rendered with the
DITA Open Toolkit version 2.3.3 by:

/tmp/dita-ot-2.3.3/bin/dita \
  -i impala.ditamap \
  -f html5 \
  -o $(mktemp -d) \
  -filter impala_html.ditaval

Change-Id: I8861e99adc446f659a04463ca78c79200669484f
Reviewed-on: http://gerrit.cloudera.org:8080/5014
Reviewed-by: John Russell <jrussell@cloudera.com>
Tested-by: John Russell <jrussell@cloudera.com>
2016-11-17 22:38:44 +00:00


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept rev="1.4.0" id="create_role">
<title>CREATE ROLE Statement (<keyword keyref="impala20"/> or higher only)</title>
<titlealts audience="PDF"><navtitle>CREATE ROLE</navtitle></titlealts>
<prolog>
<metadata>
<data name="Category" value="Impala"/>
<data name="Category" value="DDL"/>
<data name="Category" value="SQL"/>
<data name="Category" value="Sentry"/>
<data name="Category" value="Security"/>
<data name="Category" value="Roles"/>
<data name="Category" value="Administrators"/>
<data name="Category" value="Developers"/>
<data name="Category" value="Data Analysts"/>
<!-- Consider whether to go deeper into categories like Security for the Sentry-related statements. -->
</metadata>
</prolog>
<conbody>
<p>
<indexterm audience="Cloudera">CREATE ROLE statement</indexterm>
<!-- Copied from Sentry docs. Turn into conref. -->
The <codeph>CREATE ROLE</codeph> statement creates a role to which privileges can be granted. Roles can
then be assigned to users. A user who has been assigned a role can exercise only the privileges of that
role. Only users with administrative privileges can create or drop roles. By default, the
<codeph>hive</codeph>, <codeph>impala</codeph>, and <codeph>hue</codeph> users have administrative
privileges in Sentry.
</p>
<p conref="../shared/impala_common.xml#common/syntax_blurb"/>
<codeblock>CREATE ROLE <varname>role_name</varname>
</codeblock>
<p conref="../shared/impala_common.xml#common/privileges_blurb"/>
<p>
Only administrative users (those with <codeph>ALL</codeph> privileges on the server, defined in the Sentry
policy file) can use this statement.
</p>
<p conref="../shared/impala_common.xml#common/compatibility_blurb"/>
<p>
Impala makes use of any roles and privileges specified by the <codeph>GRANT</codeph> and
<codeph>REVOKE</codeph> statements in Hive, and Hive makes use of any roles and privileges specified by the
<codeph>GRANT</codeph> and <codeph>REVOKE</codeph> statements in Impala. The Impala <codeph>GRANT</codeph>
and <codeph>REVOKE</codeph> statements for privileges do not require the <codeph>ROLE</codeph> keyword to be
repeated before each role name, unlike the equivalent Hive statements.
</p>
<!-- To do: nail down the new SHOW syntax, e.g. SHOW ROLES, SHOW CURRENT ROLES, SHOW GROUPS. -->
<p conref="../shared/impala_common.xml#common/cancel_blurb_no"/>
<p conref="../shared/impala_common.xml#common/permissions_blurb_no"/>
<p conref="../shared/impala_common.xml#common/related_info"/>
<p>
<xref href="impala_authorization.xml#authorization"/>, <xref href="impala_grant.xml#grant"/>,
<xref href="impala_revoke.xml#revoke"/>, <xref href="impala_drop_role.xml#drop_role"/>,
<xref href="impala_show.xml#show"/>
</p>
</conbody>
</concept>
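
The topic above gives only the syntax line, so here is an added example (not part of the Impala docs source) that walks one role through its life cycle and shows the optional ROLE keyword described in the compatibility paragraph. The role, database, table, and group names are constructed, and the GRANT ROLE ... TO GROUP form is assumed from the Impala GRANT statement rather than taken from this file.

```sql
-- Constructed names: analyst_ro (role), sales.orders (table), analysts (group).
-- Run as a user with administrative privileges in Sentry
-- (by default: hive, impala, or hue).

USE sales;

-- 1. Create the role. It carries no privileges until something is granted to it.
CREATE ROLE analyst_ro;

-- 2. Grant the narrowest privilege that fits the job. In Impala the ROLE
--    keyword before the role name is optional, so both forms are accepted:
GRANT SELECT ON TABLE orders TO ROLE analyst_ro;
GRANT SELECT ON TABLE orders TO analyst_ro;
--    The equivalent Hive statement requires the keyword before the role name:
--    GRANT SELECT ON TABLE orders TO ROLE analyst_ro;

-- 3. Attach the role to a group so its members can exercise the privilege.
--    (Assumed syntax from the Impala GRANT statement; not shown in this file.)
GRANT ROLE analyst_ro TO GROUP analysts;

-- 4. Tear down: revoke the privilege, then drop the role.
--    Because Hive and Impala share roles and privileges, the revoke
--    applies to access through either engine.
REVOKE SELECT ON TABLE orders FROM analyst_ro;
DROP ROLE analyst_ro;
```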