Details
-
New Feature
-
Status: Resolved
-
Critical
-
Resolution: Fixed
-
None
-
None
Description
Currently HAWQ executes all queries as the user running the HAWQ process or the user running the PXF process, not as the user who issued the query via ODBC/JDBC/... This restricts the options available for integrating with existing security defined in HDFS, Hive, etc.
Impersonation provides an alternative Ranger integration (as discussed in HAWQ-256 ) for consistent security across HAWQ, HDFS, Hive...
Implementation High Level steps:
1) HAWQ needs to integrate with existing authentication components for the user who invokes the query
2) HAWQ needs to pass down the user id to PXF after authorization is passed
3) PXF needs to do "run as ..." the user id to execute APIs to access Hive/HDFS