Created 05-27-2019 06:32 PM
Hi,
I try to configure Knox so I can make jdbc call (from java app) on Hive service impersonating any user with no authentication.
I have added a new topology to knox with :
[...]
<provider>
<role>authentication</role>
<name>Anonymous</name>
<enabled>true</enabled>
</provider>
[...]
<provider>
<role>identity-assertion</role>
<name>Default</name>
<enabled>true</enabled>
</provider>
But when I do my JDBC call using this code :
connection = DriverManager.getConnection(connectionString, "MyRealUserId", "");
The user "MyRealUserId" doesn'y seems to be used at all because I get the following error :
Permission denied: user [anonymous] does not have [SELECT] privilege on [my_hive_db/my_table/*]
I also tried to add the user in the connection string with :
hive.server2.proxy.user="MyRealUserId"
For the same result...
Am I wrong on the topology configuration or in my jdbc call?
ps : I need to do it this way because I can't authentify "MyRealUserId" with its password and so I use IP security in the topology with :
<provider>
<role>authorization</role>
<name>AclsAuthz</name>
<enabled>true</enabled>
<param>
<name>webhdfs.acl</name>
<value>*;*;my_private_ip_adresses</value>
</param>
</provider>
Thanks,
Thomas Lebrun