I think Livy super user is similar to Hadoop's proxy user, it allows this
user to impersonate others, but it doesn't check whether other users is
allowed to be impersonated.
In the meantime, Livy has ACL mechanisms, which allows only ACL verified
users to connect to LivyServer, so I think with ACL
Superusers are a little more than "allowed to impersonate others". I
don't remember exactly what are the things that it allows, but it
would be better to add finer grained permissions.
On Mon, Jun 25, 2018 at 6:30 PM, Saisai Shao wrote:
> Yes, has a configuration "livy.superusers". Here in this c
oh, great news...
I'll check the config.
On Tue, Jun 26, 2018 at 10:30 AM Saisai Shao wrote:
> Yes, has a configuration "livy.superusers". Here in this case, the sql
> server user should be added as a superuser, who can impersonate other
> different users.
>
> Marcelo Vanzin 于2018年6月26日周二 上午9:1
Yes, has a configuration "livy.superusers". Here in this case, the sql
server user should be added as a superuser, who can impersonate other
different users.
Marcelo Vanzin 于2018年6月26日周二 上午9:12写道:
> You're talking about another service between the user and the application.
>
> In that case a par
> You're talking about another service between the user and the application.
yes, I pointed out the case.
> In that case a parameter probably makes sense. But then you'd need to
> add those config options,
yea, I see.
Currently, any approach to avoid the dangerous case for the service?
I thin
You're talking about another service between the user and the application.
In that case a parameter probably makes sense. But then you'd need to
add those config options, because this is a dangerous feature, and
Livy should know who is allowed to impersonate who. In this case the
service needs to
Yea, I know the Livy supports impersonation.
I assume a case blow
[different users] ---Some protocols---> [the server applications managing
multiple sessions for users] ---REST---> [Livy server]
In this case, Livy already has a way to pass proxyUser from the application
to Livy?
Sorry, but I'm not
On Mon, Jun 25, 2018 at 5:09 PM, Takeshi Yamamuro wrote:
> In that case, I think Livy is useful; the application can pass proxyUser to
> build LivyClient for each user
> and run spark queries as each user authorization.
But Livy already supports impersonation. It can impersonate the
authenticated
>> Marcelo
Sorry, I missed your response. Yea, thanks for your suggestion.
>> Meisam
I assume one application handles requests from different users, and the
request in the application
runs spark queries as each user authorization.
Since SparkContext currently doesn't support impersionation, I thin
What is the use case for passing the proxy user to LivyClientBuilder?
On Fri, Jun 15, 2018 at 9:02 AM Marcelo Vanzin
wrote:
> re: proxy user, you have to be extremely careful with that.
>
> Livy currently supports proxy user, but for the server only. It allows
> the server to impersonate anyone,
re: proxy user, you have to be extremely careful with that.
Livy currently supports proxy user, but for the server only. It allows
the server to impersonate anyone, so that sessions can run as the
requesting user.
If you let the user decide who the session will be run as, you'll need
to add confi
Thanks for quick reply!
> It would be better if you could create a JIRA to track this issue. If
> you're familiar with Livy code, you can also submit a PR about it.
Aha, ok.
ok, I'll file jira and try to make a pr later.
Thanks!
On Fri, Jun 15, 2018 at 11:36 AM, Saisai Shao
wrote:
> Sure, I wi
Sure, I will merge the website code, thanks!
For proxyUser thing, I think there's no particular reason not adding it,
maybe we just forgot to add the proxyUser support.
It would be better if you could create a JIRA to track this issue. If
you're familiar with Livy code, you can also submit a PR a
Hi, Livy dev,
I opened a new pr in incubator-livy-website to add a new link in
third-party-projects.md. It'd be great if you could check this;
https://github.com/apache/incubator-livy-website/pull/23
Btw, I have one question; currently, we cannot pass proxyUser
in LivyClientBuilder. Any reason no
14 matches
Mail list logo