[ https://issues.apache.org/jira/browse/HAWQ-1036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alexander Denissov resolved HAWQ-1036. -------------------------------------- Resolution: Fixed Fix Version/s: (was: backlog) 2.4.0.0-incubating > Support user impersonation in PXF for external tables > ----------------------------------------------------- > > Key: HAWQ-1036 > URL: https://issues.apache.org/jira/browse/HAWQ-1036 > Project: Apache HAWQ > Issue Type: New Feature > Components: PXF, Security > Reporter: Alastair "Bell" Turner > Assignee: Alexander Denissov > Priority: Critical > Fix For: 2.4.0.0-incubating > > Attachments: HAWQ_Impersonation_rationale.txt > > > Currently HAWQ executes all queries as the user running the HAWQ process or > the user running the PXF process, not as the user who issued the query via > ODBC/JDBC/... This restricts the options available for integrating with > existing security defined in HDFS, Hive, etc. > Impersonation provides an alternative Ranger integration (as discussed in > HAWQ-256 ) for consistent security across HAWQ, HDFS, Hive... > Implementation High Level steps: > 1) HAWQ needs to integrate with existing authentication components for the > user who invokes the query > 2) HAWQ needs to pass down the user id to PXF after authorization is passed > 3) PXF needs to do "run as ..." the user id to execute APIs to access > Hive/HDFS -- This message was sent by Atlassian JIRA (v7.6.3#76005)