Repository: drill Updated Branches: refs/heads/gh-pages ade03031f -> 4251af470
inI Project: http://git-wip-us.apache.org/repos/asf/drill/repo Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/4251af47 Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/4251af47 Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/4251af47 Branch: refs/heads/gh-pages Commit: 4251af47045d6bbdb1e4a9dc356ceb2a541ac093 Parents: ade0303 Author: Bridget Bevens <bbev...@maprtech.com> Authored: Wed Jul 26 19:42:56 2017 -0700 Committer: Bridget Bevens <bbev...@maprtech.com> Committed: Wed Jul 26 19:42:56 2017 -0700 ---------------------------------------------------------------------- .../050-configure-inbound-impersonation.md | 23 ++++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/drill/blob/4251af47/_docs/configure-drill/securing-drill/050-configure-inbound-impersonation.md ---------------------------------------------------------------------- diff --git a/_docs/configure-drill/securing-drill/050-configure-inbound-impersonation.md b/_docs/configure-drill/securing-drill/050-configure-inbound-impersonation.md index 2161faa..06f8933 100644 --- a/_docs/configure-drill/securing-drill/050-configure-inbound-impersonation.md +++ b/_docs/configure-drill/securing-drill/050-configure-inbound-impersonation.md @@ -1,6 +1,6 @@ --- title: "Configuring Inbound Impersonation" -date: 2017-07-27 02:19:28 UTC +date: 2017-07-27 02:42:59 UTC parent: "Securing Drill" --- @@ -46,17 +46,22 @@ Policy format: { proxy_principals : { users : [â...â, â...â], groups : [â...â, â...â] }, target_principals: { users : [â...â, â...â], groups : [â...â, â...â] } } -3. Ensure that the proxy user (application) passes the username of the impersonation target user to Drill when creating a connection through the `impersonation_target` connection property. The following examples show you how to do this for JDBC and ODBC: - - - * For JDBC, through SQLLine: +3. Ensure that the proxy user (application) passes the username of the impersonation target user to Drill when creating a connection through the `impersonation_target` connection property. - bin/sqlline âu âjdbc:drill:schema=dfs;zk=myclusterzk;impersonation_target=euser1â -n puser1 -p ppass1 -In this example, `puser1` is the user submitting the queries. This user is authenticated. Since this user is authorized to impersonate any user, queries through the established connection are run as `euser1`. +The following examples show you how to do this for JDBC and ODBC: + - +- For JDBC, through SQLLine: - * For ODBC on Linux or Mac, you can pass the username through the `DelegationUID` property in the odbc.ini file. See [Configuring ODBC on Linux]({{site.baseurl}}/docs/configuring-odbc-on-linux/) for more information. + bin/sqlline âu âjdbc:drill:schema=dfs;zk=myclusterzk;impersonation_target=euser1â -n puser1 -p ppass1 + +In this example, `puser1` is the user submitting the queries. This user is authenticated. Since this user is authorized to impersonate any user, queries through the established connection are run as `euser1`. + + +- For ODBC on Linux or Mac, you can pass the username through the `DelegationUID` property in the odbc.ini file. See [Configuring ODBC on Linux]({{site.baseurl}}/docs/configuring-odbc-on-linux/) for more information. + DelegationUID=euser1 + + If you are using ODBC on Windows, you can use the **ODBC Data Source Administrator** to provide the username through the `Delegation UID` field in the MapR Drill ODBC Driver DSN Setup dialog box. See [Configuring ODBC on Windows]({{site.baseurl}}/docs/configuring-odbc-on-windows/) for more information.
