Uploaded image for project: 'Apache HAWQ'
  1. Apache HAWQ
  2. HAWQ-1036

Support user impersonation in PXF for external tables

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.3.0.0-incubating
    • Component/s: PXF, Security
    • Labels:
      None

      Description

      Currently HAWQ executes all queries as the user running the HAWQ process or the user running the PXF process, not as the user who issued the query via ODBC/JDBC/... This restricts the options available for integrating with existing security defined in HDFS, Hive, etc.

      Impersonation provides an alternative Ranger integration (as discussed in HAWQ-256 ) for consistent security across HAWQ, HDFS, Hive...

      Implementation High Level steps:
      1) HAWQ needs to integrate with existing authentication components for the user who invokes the query
      2) HAWQ needs to pass down the user id to PXF after authorization is passed
      3) PXF needs to do "run as ..." the user id to execute APIs to access Hive/HDFS

        Attachments

        Issue Links

          Activity

            People

            • Assignee:
              adenissov Alexander Denissov
              Reporter:
              thebellhead Alastair "Bell" Turner

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment