...
If impersonation is enabled and KMS-backed secure storage is used from programs, the impersonated user should be provided appropriate permissions in the
/etc/hadoop/kms-acls.xml
.If it is used through the Secure Storage HTTP RESTful APIMicroservices, the CDAP logged-in user should be provided appropriate permissions in the
/etc/hadoop/kms-acls.xml
.
...