Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Knox : pass user to impersonate to Hive service though JDBC?

Highlighted

Knox : pass user to impersonate to Hive service though JDBC?

New Contributor

Hi,


I try to configure Knox so I can make jdbc call (from java app) on Hive service impersonating any user with no authentication.


I have added a new topology to knox with :

[...]

<provider>

<role>authentication</role>

<name>Anonymous</name>

<enabled>true</enabled>

</provider>

[...]

<provider>

<role>identity-assertion</role>

<name>Default</name>

<enabled>true</enabled>

</provider>


But when I do my JDBC call using this code :

connection = DriverManager.getConnection(connectionString, "MyRealUserId", "");

The user "MyRealUserId" doesn'y seems to be used at all because I get the following error :


Permission denied: user [anonymous] does not have [SELECT] privilege on [my_hive_db/my_table/*]


I also tried to add the user in the connection string with :

hive.server2.proxy.user="MyRealUserId"


For the same result...


Am I wrong on the topology configuration or in my jdbc call?


ps : I need to do it this way because I can't authentify "MyRealUserId" with its password and so I use IP security in the topology with :

<provider>

<role>authorization</role>

<name>AclsAuthz</name>

<enabled>true</enabled>

<param>

<name>webhdfs.acl</name>

<value>*;*;my_private_ip_adresses</value>

</param>

</provider>


Thanks,


Thomas Lebrun