Support Questions

Fawze · ‎01-25-2017

Hi All,

I'm using zeppelin to run report using impala.

I downloaded impala JDBC to my linux machine, when i'm looking at the impala queries at cloudera manager, i see my queries running with empty user " ".

I didn't integrate LDAP authnitication yet with Impala.

I have 2 small questions:

1- where and how i can pass the user that i need the queries to run with in the impala JDBC?

2- How i can restrict only queries qith user specific to run.

epowell · ‎01-11-2019

I am very happy to report that this finally did the trick for me. I had not thought to leave the PWD field blank but that was the answer.

Here is my final connection string that is working perfectly with DBeaver:

jdbc:impala://1.0.0.1:21050/mydb;AuthMech=3;UID=myuser;UseSasl=0;PWD=

@FawzeI think this issue can finally be marked as resolved

View solution in original post

saranvisa · ‎01-25-2017

@Fawze

The answer for your 2nd question first, You have to implement apache sentry to restrict user specific query access on impala. Work with your Hadoop admin to setup it on your cluster

now for the first (generic) question, obviously you have to pass the parameter from the source. Apache sentry has dependency on other security tool called kerberos which has a concept called keytab. so when you pass the user and password from the source, you also have to pass the keytab to authenticate your network. you can achieve your first requirement with this step

I've shared some high level security information in the below link, hope this will give some idea

https://community.cloudera.com/t5/Security-Apache-Sentry/Hadoop-Security-for-beginners/m-p/49876#M24...

Thanks

Kumar

Fawze · ‎01-25-2017

I'm already working to integrate authentication and security to my cluster,
it may takes time for me to complete this process, but my question where i
can provide user name in the impala JDBC if it in a linux user.

saranvisa · ‎01-25-2017

@Fawze

I think you didn't get my point yet,

You don't need to provide user name for impala instead you can authenticate your table in two steps
1. Network authentication using Kerberos
2. Query/Table level authentication using Apache Sentry

so when you call the query using JDBC, you need to pass user, passworld & keytab

Fawze · ‎01-25-2017

Hi saranvisa,

I got your point, but currently i don't have any authentication that i'm using.

How i can enforce the queries running through specific impala JDBC to run with specific user.

Maybe i'm missing something in the concept.

Fawze · ‎01-26-2017

Anyone who can help with this please.

Fawze · ‎01-30-2017

This is my default.url and impala.url in the interpreter settings:

jdbc:impala://xxxxxx:21050/;SID=fawze;

Lars Volker · ‎01-31-2017

Hi Fawze,

which JDBC driver are you using? And which version of it?

Cheers, Lars

Fawze · ‎01-31-2017

ImpalaJDBC4.jar

Lars Volker · ‎02-01-2017

That version should have been downloaded from Cloudera and as such the downloaded file comes with its own version number. The current version is 2.5.36 and can be found here: http://www.cloudera.com/downloads/connectors/impala/jdbc/2-5-36.html

Please have a look at the documentation contained in that download ("Cloudera-JDBC-Driver-for-Impala-Install-Guide.pdf"), especially at the section "Using User Name" and the "UID" parameter.

Cheers, Lars

Cloudera Community

Support Questions

Impala queries through impala JDBC is running with empty user