Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Does Impala support Impersonation?

SOLVED Go to solution

Does Impala support Impersonation?

Explorer

Hi Guys,

 

I have set --authorized_proxy_user_config for required user and connecting impala using hive-jdbc url with impala.doas.user for proxy authentication but unable get expected results(getting kerberos principal user databases/results instead of proxy user databases/results). Getting same results with beeline and Java code using hive & impala drivers also.

 

Cluster enabled with Kerberos & Sentry & SSL & HDFS Encryption.

 

Please do let me know Impala does support Impersonation or not?

 

Thanks,

Ram G

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Does Impala support Impersonation?

Guru
No, Impala currently does not support Impersonation.
5 REPLIES 5

Re: Does Impala support Impersonation?

Guru
No, Impala currently does not support Impersonation.

Re: Does Impala support Impersonation?

Explorer

Thanks Eric for the confirmation.

 

Is there any timeline for support this?

 

Regards,

RamG

Highlighted

Re: Does Impala support Impersonation?

Re: Does Impala support Impersonation?

Guru
Hi Romain,

I think that's Hue specific setting, not Impala. The goal is to impersonate at Hue level, so instead of using "hue" to connect to Impala, it can impersonate as end user. But at impala side, query still run using "impala" user behind the scene.

There are discussions here about impersonation in Impala:
https://groups.google.com/a/cloudera.org/forum/#!topic/impala-user/2VBYXNS4ixw

Specifically:

>>> We do not plan to implement HDFS impersonation and recommend against using it for Hive as well given it's less secure and is incompatible with a fine-grained authorization.

Re: Does Impala support Impersonation?

Explorer

Thank you Eric!