...
Additionally, the /etc/hadoop/kms-acls.xml
file on the KMS host should be updated to include users with appropriate permissions.
If impersonation is enabled and KMS-backed secure storage is used from programs, the impersonated user should be provided appropriate permissions in the
/etc/hadoop/kms-acls.xml
.If it is used through the Secure Storage HTTP RESTful API, the CDAP logged-in user should be provided appropriate permissions in the
/etc/hadoop/kms-acls.xml
.
...