[HAWQ-1036] Support user impersonation in PXF for external tables - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.0.0-incubating
Component/s: PXF, Security
Labels:
None

Description

Currently HAWQ executes all queries as the user running the HAWQ process or the user running the PXF process, not as the user who issued the query via ODBC/JDBC/... This restricts the options available for integrating with existing security defined in HDFS, Hive, etc.

Impersonation provides an alternative Ranger integration (as discussed in HAWQ-256 ) for consistent security across HAWQ, HDFS, Hive...

Implementation High Level steps:
1) HAWQ needs to integrate with existing authentication components for the user who invokes the query
2) HAWQ needs to pass down the user id to PXF after authorization is passed
3) PXF needs to do "run as ..." the user id to execute APIs to access Hive/HDFS

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HAWQ_Impersonation_rationale.txt
30/Aug/16 19:43
2 kB
Alastair "Bell" Turner

Issue Links

is related to

HAWQ-256 Integrate Security with Apache Ranger

In Progress

relates to

HAWQ-1118 Support user impersonation for HAWQ internal tables

Open

links to

GitHub Pull Request #1339

Sub-Tasks

Implement trustworthy user identity session variables

Open

Lei Chang

Activity

People

Assignee:: Alexander Denissov

Reporter:: Alastair "Bell" Turner

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 30/Aug/16 14:26

Updated:: 09/Apr/18 06:59

Resolved:: 10/Feb/18 00:13