On Mon, Jun 25, 2018 at 5:09 PM, Takeshi Yamamuro wrote:
> In that case, I think Livy is useful; the application can pass proxyUser to
> build LivyClient for each user
> and run spark queries as each user authorization.
But Livy already supports impersonation. It can impersonate the
> You're talking about another service between the user and the application.
yes, I pointed out the case.
> In that case a parameter probably makes sense. But then you'd need to
> add those config options,
yea, I see.
Currently, any approach to avoid the dangerous case for the service?
I
oh, great news...
I'll check the config.
On Tue, Jun 26, 2018 at 10:30 AM Saisai Shao wrote:
> Yes, has a configuration "livy.superusers". Here in this case, the sql
> server user should be added as a superuser, who can impersonate other
> different users.
>
> Marcelo Vanzin 于2018年6月26日周二
Yes, has a configuration "livy.superusers". Here in this case, the sql
server user should be added as a superuser, who can impersonate other
different users.
Marcelo Vanzin 于2018年6月26日周二 上午9:12写道:
> You're talking about another service between the user and the application.
>
> In that case a
Yea, I know the Livy supports impersonation.
I assume a case blow
[different users] ---Some protocols---> [the server applications managing
multiple sessions for users] ---REST---> [Livy server]
In this case, Livy already has a way to pass proxyUser from the application
to Livy?
Sorry, but I'm not
You're talking about another service between the user and the application.
In that case a parameter probably makes sense. But then you'd need to
add those config options, because this is a dangerous feature, and
Livy should know who is allowed to impersonate who. In this case the
service needs to
Superusers are a little more than "allowed to impersonate others". I
don't remember exactly what are the things that it allows, but it
would be better to add finer grained permissions.
On Mon, Jun 25, 2018 at 6:30 PM, Saisai Shao wrote:
> Yes, has a configuration "livy.superusers". Here in this
I think Livy super user is similar to Hadoop's proxy user, it allows this
user to impersonate others, but it doesn't check whether other users is
allowed to be impersonated.
In the meantime, Livy has ACL mechanisms, which allows only ACL verified
users to connect to LivyServer, so I think with
>> Marcelo
Sorry, I missed your response. Yea, thanks for your suggestion.
>> Meisam
I assume one application handles requests from different users, and the
request in the application
runs spark queries as each user authorization.
Since SparkContext currently doesn't support impersionation, I
What is the use case for passing the proxy user to LivyClientBuilder?
On Fri, Jun 15, 2018 at 9:02 AM Marcelo Vanzin
wrote:
> re: proxy user, you have to be extremely careful with that.
>
> Livy currently supports proxy user, but for the server only. It allows
> the server to impersonate
10 matches
Mail list logo