Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Knox : pass user to impersonate to Hive service though JDBC?

Knox : pass user to impersonate to Hive service though JDBC?

t_lebrun
Explorer

Created ‎05-27-2019 06:32 PM

Hi,


I try to configure Knox so I can make jdbc call (from java app) on Hive service impersonating any user with no authentication.


I have added a new topology to knox with :

[...]

<provider>

<role>authentication</role>

<name>Anonymous</name>

<enabled>true</enabled>

</provider>

[...]

<provider>

<role>identity-assertion</role>

<name>Default</name>

<enabled>true</enabled>

</provider>


But when I do my JDBC call using this code : 

connection = DriverManager.getConnection(connectionString, "MyRealUserId", "");

The user "MyRealUserId" doesn'y seems to be used at all because I get the following error :


Permission denied: user [anonymous] does not have [SELECT] privilege on [my_hive_db/my_table/*]


I also tried to add the user in the connection string with :

hive.server2.proxy.user="MyRealUserId"


For the same result...


Am I wrong on the topology configuration or in my jdbc call?


ps : I need to do it this way because I can't authentify "MyRealUserId" with its password and so I use IP security in the topology with :

<provider>

<role>authorization</role>

<name>AclsAuthz</name>

<enabled>true</enabled>

<param>

<name>webhdfs.acl</name>

<value>*;*;my_private_ip_adresses</value>

</param>

</provider>


Thanks,


Thomas Lebrun

Reply
251 Views
0 Kudos
Don't have an account?
Register