Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-565

Support user impersonation for authorization requests

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • Impala 1.1.1
    • Impala 1.2
    • None
    • None

    Description

      Impala should support user impersonation for authorization requests. This will enable a more fine-grained authorization story for apps such as Hue. This is only for authorization requests, not for HDFS-level impersonation.

      This can be done by using the Hive Server 2 "configuration" property to specify the user to impersonate. For example a TOpenSessionReq would look like:

      'username': kerberos_principal_short_name, # hue
      'configuration': {'impala.proxy.user': user.username}
      

      Impala would just need to verify the user is in the list of authorized proxy users (users who can impersonate other users).

      Attachments

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            lskuff Lenni Kuff
            lskuff Lenni Kuff
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment