Hi,

I try to configure Knox so I can make jdbc call (from java app) on Hive service impersonating any user with no authentication.

I have added a new topology to knox with :

[...]

<provider>

<role>authentication</role>

<name>Anonymous</name>

<enabled>true</enabled>

</provider>

[...]

<provider>

<role>identity-assertion</role>

<name>Default</name>

<enabled>true</enabled>

</provider>

But when I do my JDBC call using this code :

connection = DriverManager.getConnection(connectionString, "MyRealUserId", "");

The user "MyRealUserId" doesn'y seems to be used at all because I get the following error :

Permission denied: user [anonymous] does not have [SELECT] privilege on [my_hive_db/my_table/*]

I also tried to add the user in the connection string with :

hive.server2.proxy.user="MyRealUserId"

For the same result...

Am I wrong on the topology configuration or in my jdbc call?

ps : I need to do it this way because I can't authentify "MyRealUserId" with its password and so I use IP security in the topology with :

<provider>

<role>authorization</role>

<name>AclsAuthz</name>

<enabled>true</enabled>

<param>

<name>webhdfs.acl</name>

<value>*;*;my_private_ip_adresses</value>

</param>

</provider>

Thanks,

Thomas Lebrun