Details
- Task
- Status: Resolved
- Major
- Resolution: Fixed
- Impala 1.1.1
- None
- None
Description
Impala should support user impersonation for authorization requests. This will enable a more fine-grained authorization story for apps such as Hue. This is only for authorization requests, not for HDFS-level impersonation.
This can be done by using the Hive Server 2 "configuration" property to specify the user to impersonate. For example a TOpenSessionReq would look like:
    'username': kerberos_principal_short_name, # hue
    'configuration': {'impala.proxy.user': user.username}
Impala would just need to verify the user is in the list of authorized proxy users (users who can impersonate other users).
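The check described above, sketched as an added example that is not part of the original issue and is not Impala's or Hue's code. The function names, the `authorized_proxy_users` set and the simplified short-name rule are assumptions; only the `impala.proxy.user` property name comes from the issue text.

```python
# Added illustration; all names are hypothetical, not Impala's implementation.
PROXY_KEY = "impala.proxy.user"  # property name taken from the issue text


class ImpersonationDenied(Exception):
    """Raised when a session asks to act as another user without permission."""


def short_name(principal: str) -> str:
    """Simplified short name: strip '/host' and '@REALM' from a Kerberos principal."""
    return principal.split("@", 1)[0].split("/", 1)[0]


def effective_user(authenticated_principal, configuration, authorized_proxy_users):
    """Return the user name that authorization checks should run as.

    authenticated_principal comes from the transport (e.g. Kerberos), never
    from a client-supplied field; configuration is the session's string map.
    """
    connected = short_name(authenticated_principal)
    if PROXY_KEY not in (configuration or {}):
        return connected  # no impersonation requested
    requested = configuration[PROXY_KEY]
    if not isinstance(requested, str) or not requested.strip():
        raise ImpersonationDenied("empty impala.proxy.user value")
    if connected not in authorized_proxy_users:
        raise ImpersonationDenied(f"{connected!r} may not impersonate other users")
    return requested.strip()


# Constructed sample sessions (not captured traffic).
AUTHORIZED = frozenset({"hue"})
SESSIONS = [
    ("hue/web01.example.com@EXAMPLE.COM", {PROXY_KEY: "alice"}),
    ("hue/web01.example.com@EXAMPLE.COM", {}),
    ("bob@EXAMPLE.COM", {PROXY_KEY: "admin"}),
    ("hue/web01.example.com@EXAMPLE.COM", {PROXY_KEY: "  "}),
]


def evaluate(sessions=SESSIONS, authorized=AUTHORIZED):
    """Return (principal, outcome) pairs; outcome is a user name or 'DENIED'."""
    results = []
    for principal, conf in sessions:
        try:
            results.append((principal, effective_user(principal, conf, authorized)))
        except ImpersonationDenied:
            results.append((principal, "DENIED"))
    return results
```

The third constructed session shows the case the proxy-user list exists for: a user who is not an authorized proxy user sets the property and is rejected instead of being silently treated as the requested user.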