Impala Security
You can configure Impala to use the following security features on a secure and insecure MapR cluster:
Feature | Description |
LDAP | You can configure LDAP authentication for client connections with Impala. You can use LDAP authentication with Sentry to authenticate users and provide precise levels of access to users. See LDAP Authentication for Impala. |
Kerberos | You can configure Impala to use Kerberos for authentication. You can also use Sentry authorization in conjunction with Kerberos if you want to configure user-level access to databases, tables, columns, and partitions. See Enable Kerberos Authentication for Impala. |
SSL | You can enable SSL network encryption for communication between Impala and client programs and between Impala nodes in a cluster. See Enable SSL for Impala. |
You can configure Impala to use security features and components listed below on a secure MapR cluster when Kerberos is used for authentication and Hive is also secure.
The following security matrix assumes that each component is configured with Kerberos for authentication. For example, if you run Impala with Hive and Hue, each component (Impala, Hive, and Hue) must use Kerberos for authentication.
Component | Version | Impala 1.4.1 | Impala 2.2.0 |
MapR | 4.0.1 | Yes | No |
5.x | Yes | Yes | |
LDAP | N/A | Yes | Yes |
Kerberos | N/A | Yes | Yes |
Sentry | 1.4 | Yes | No |
1.6 | No | Yes | |
Hue | 3.6 | Yes | No |
3.9 | Yes | Yes | |
Hive | 0.13 | Yes | No |
1.2.1 | No | Yes |
The following table provides the supported and unsupported component and security combinations on a secure MapR cluster:
Impala Security Mode | Hive + MapR SASL | Hive + Kerberos |
None | supported | not supported |
LDAP | supported | not supported |
Kerberos | supported | supported |