Reply
Explorer
Posts: 8
Registered: ‎09-14-2015
Accepted Solution

Does Impala support Impersonation?

Hi Guys,

 

I have set --authorized_proxy_user_config for required user and connecting impala using hive-jdbc url with impala.doas.user for proxy authentication but unable get expected results(getting kerberos principal user databases/results instead of proxy user databases/results). Getting same results with beeline and Java code using hive & impala drivers also.

 

Cluster enabled with Kerberos & Sentry & SSL & HDFS Encryption.

 

Please do let me know Impala does support Impersonation or not?

 

Thanks,

Ram G

Cloudera Employee
Posts: 400
Registered: ‎03-23-2015

Re: Does Impala support Impersonation?

No, Impala currently does not support Impersonation.
Explorer
Posts: 8
Registered: ‎09-14-2015

Re: Does Impala support Impersonation?

[ Edited ]

Thanks Eric for the confirmation.

 

Is there any timeline for support this?

 

Regards,

RamG

Cloudera Employee
Posts: 716
Registered: ‎07-30-2013

Re: Does Impala support Impersonation?

Cloudera Employee
Posts: 400
Registered: ‎03-23-2015

Re: Does Impala support Impersonation?

Hi Romain,

I think that's Hue specific setting, not Impala. The goal is to impersonate at Hue level, so instead of using "hue" to connect to Impala, it can impersonate as end user. But at impala side, query still run using "impala" user behind the scene.

There are discussions here about impersonation in Impala:
https://groups.google.com/a/cloudera.org/forum/#!topic/impala-user/2VBYXNS4ixw

Specifically:

>>> We do not plan to implement HDFS impersonation and recommend against using it for Hive as well given it's less secure and is incompatible with a fine-grained authorization.

Explorer
Posts: 8
Registered: ‎09-14-2015

Re: Does Impala support Impersonation?

Thank you Eric!

Announcements