You must configure Greenplum Database client host access and role privileges and attributes before using the VMware Tanzu Greenplum Connector for Apache Spark to transfer data between your Greenplum Database and Spark clusters.
Once you start running Spark applications that use the Connector, you may be required to perform certain Greenplum Database maintenance tasks.
These Greenplum Database configuration and maintenance tasks, described below, must be performed by a Greenplum user with administrative (
SUPERUSER) privileges unless otherwise noted.
You must explicitly configure Greenplum Database to permit access from all Spark nodes and stand-alone clients. Configure access for each Spark node, Greenplum database, and Greenplum Database role combination in the
pg_hba.conf file on the master node.
Refer to Configuring Client Authentication in the Greenplum Database documentation for detailed information on configuring
The Connector uses JDBC to communicate with the Greenplum Database master node. The Greenplum user/role name that you provide when you use the Connector to transfer data between Greenplum Database and Spark must have certain privileges assigned by the administrator:
The user/role must have
USAGE privilege on each non-public database schema that has tables that the user will read:
<db-name>=# GRANT USAGE ON SCHEMA <schema_name> TO <user_name>;
The user/role must have
CREATE privilege on each non-public database schema in which tables the user will write to reside:
<db-name>=# GRANT CREATE ON SCHEMA <schema_name> TO <user_name>;
The user/role must have the
SELECT privilege on every Greenplum Database table that the user will read into Spark:
<db-name>=# GRANT SELECT ON <schema_name>.<table_name> TO <user_name>;
To read a Greeplum Database table into Spark, the user/role must have permission to create writable external tables using the Greenplum Database
<db-name>=# ALTER USER <user_name> CREATEEXTTABLE(type = 'writable', protocol = 'gpfdist');
If the user/role writing to Greenplum Database is not a database or table owner, the role must have
INSERT privileges on each existing Greenplum Database table to which the user will write Spark data:
<db-name>=# GRANT SELECT, INSERT ON <schema_name>.<table_name> TO <user_name>;
To write Spark data into a Greeplum Database table, the user/role must have permission to create readable external tables using the Greenplum Database
<db-name>=# ALTER USER <user_name> CREATEEXTTABLE(type = 'readable', protocol = 'gpfdist');
See the Greenplum Database Managing Roles and Privileges documention for further information on assigning privileges to Greenplum Database users.
The Connector uses Greenplum Database external temporary tables to load data between Greenplum and Spark. Maintenance tasks when you use the Connector may include:
VACUUM-ing the catalog as appropriate. Refer to the Greenplum Database System Catalog Maintenance and
VACUUMdocumentation for further information.
ANALYZE-ing the Greenplum Database tables that applications using the Connector load into Spark. Refer to the Greenplum Database Updating Statistics with ANALYZE and
ANALYZEdocumentation for further information.
In addition to users with Greenplum Database
SUPERUSER privileges, database or table owners may perform the maintenance tasks identified above.