  1. Apache HAWQ
  2. HAWQ-1036

Support user impersonation in PXF for external tables


    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.0.0-incubating
    • Component/s: PXF, Security
    • Labels:
      None

      Description

      Currently HAWQ executes all queries as the user running the HAWQ process or the user running the PXF process, not as the user who issued the query via ODBC/JDBC/... This restricts the options available for integrating with existing security defined in HDFS, Hive, etc.

      Impersonation provides an alternative Ranger integration (as discussed in HAWQ-256) for consistent security across HAWQ, HDFS, Hive...

      Implementation High Level steps:
      1) HAWQ needs to integrate with existing authentication components for the user who invokes the query
      2) HAWQ needs to pass down the user id to PXF after authorization is passed
      3) PXF needs to do "run as ..." the user id to execute APIs to access Hive/HDFS
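
An added example, not part of the issue and not PXF's code: one way step 3 could be done with Hadoop's proxy-user API (`UserGroupInformation.createProxyUser` and `doAs`), which is assumed here as the "run as" mechanism. The class name, the user-name pattern, and the sample user and path are hypothetical, and the Hadoop client libraries are assumed to be on the classpath.

```java
import java.security.PrivilegedExceptionAction;
import java.util.regex.Pattern;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.security.UserGroupInformation;

/** Hypothetical helper (not PXF code): runs one HDFS call as the end user. */
public class ImpersonatedListing {
    // Constructed policy: accept only plain account names, so a forwarded value
    // cannot carry separators, whitespace or a Kerberos realm.
    private static final Pattern SAFE_USER =
            Pattern.compile("[A-Za-z_][A-Za-z0-9_.-]{0,63}");

    static String requireSafeUser(String forwardedUser) {
        if (forwardedUser == null || !SAFE_USER.matcher(forwardedUser).matches()) {
            throw new IllegalArgumentException("rejected forwarded user id");
        }
        return forwardedUser;
    }

    static FileStatus[] listAs(String forwardedUser, String dir) throws Exception {
        String user = requireSafeUser(forwardedUser);
        // The service's own login identity is the "real" user. The cluster must
        // allow it to impersonate (hadoop.proxyuser.<service>.hosts / .groups in
        // core-site.xml); otherwise the NameNode refuses the call.
        UserGroupInformation service = UserGroupInformation.getLoginUser();
        UserGroupInformation proxy = UserGroupInformation.createProxyUser(user, service);
        Configuration conf = new Configuration();
        return proxy.doAs((PrivilegedExceptionAction<FileStatus[]>) () -> {
            // newInstance + close keeps per-request proxy identities from
            // accumulating in the shared FileSystem cache.
            FileSystem fs = FileSystem.newInstance(conf);
            try {
                return fs.listStatus(new Path(dir)); // permissions checked as `user`
            } finally {
                fs.close();
            }
        });
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: the user id passed down by the database tier.
        for (FileStatus s : listAs("alice", "/tmp")) {
            System.out.println(s.getOwner() + " " + s.getPath());
        }
    }
}
```

Restricting the `hadoop.proxyuser.<service>.hosts` and `.groups` values to the hosts and groups that actually need impersonation, rather than `*`, limits what a compromised service account can act as.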

        Attachments

        1. HAWQ_Impersonation_rationale.txt
          2 kB
          Alastair "Bell" Turner


              People

              • Assignee:
                adenissov Alexander Denissov
                Reporter:
                thebellhead Alastair "Bell" Turner