Enable User Delegation
You can use user delegation to run queries on behalf of Composer users using a single set of credentials for a number of Composer connectors. This allows you to share a single connection configuration among all users. User delegation can be established on a per-user or a per-group basis.
User delegation is currently supported by the following Composer connectors: Apache Drill, Cloudera Impala, Cloudera Search, and Hive. The Composer Oracle connector supports user delegation only via user credential pass-through.
The Composer supervisor enables user delegation via a custom user attribute. Composer administrators apply user delegation to the data connection definition for a data source.
To enable user delegation:
Log in to the Composer server as a supervisor.
Select to see the supervisor menu.
Select Security on the supervisor menu. The security tabs display.
Select the LDAP Settings tab. The LDAP Settings tab has five sections: General Settings, LDAP Server, User Provisioning, Mappings, and Mappings to Custom User Attributes.
If the LDAP tab cannot be selected, verify that the LDAP security service is enabled. See Use Lightweight Directory Access Protocol (LDAP) With Composer.
In the Mapping to Custom User Attributes section, select Add Custom User Attribute.
Type any meaningful name for the custom attribute name.
Match the new attribute to any LDAP attribute (for example, cn, sAMAccountName, name). The LDAP attribute to use should be provided by an Impala administrator. The only requirement is that this attribute match the configuration in Sentry.
Select Save to save the attribute.
The custom user attribute is referenced by its name, prefaced by the word User. For example, if your custom user attribute is named XXXUserName, you would reference it as User.XXXUserName. This reference name is shown in the Usage column.
Select Connectors on the supervisor menu. The Manage Connector Services page appears. This page has two tables: one for Connector Servers and one for Connectors.
Scroll down to the Connectors table and select the appropriate connector from the list. The connector settings page displays.
Scroll down to the Connector Parameters and verify that the checkbox in the User Attribute column for the DO_AS_USER parameter is selected. This ensures that the DO_AS_USER parameter is visible and can be set in your Impala connection.
Select Save.
To apply user delegation to a data source connection definition, see Apply User Delegation to a Connection.
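The following is an added example, not part of the Composer documentation. It checks whether a candidate LDAP attribute (cn, sAMAccountName, name) is safe to map as the delegation identity: each user must have exactly one value, no two users may share a value, and every value must be a user name the back end already knows. The directory entries and BACKEND_USERS are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample entries, shaped like an LDAP search result (attribute -> list of values).
SAMPLE_ENTRIES = [
    {"dn": "cn=Ana Lee,ou=eng,dc=example,dc=com", "cn": ["Ana Lee"], "sAMAccountName": ["alee"]},
    {"dn": "cn=Ana Lee,ou=ops,dc=example,dc=com", "cn": ["Ana Lee"], "sAMAccountName": ["alee2"]},
    {"dn": "cn=Bo Chen,ou=eng,dc=example,dc=com", "cn": ["Bo Chen"], "sAMAccountName": ["bchen"]},
    {"dn": "cn=Cy Diaz,ou=ext,dc=example,dc=com", "cn": ["Cy Diaz"]},  # no sAMAccountName
]

# Assumption: user names the Impala/Sentry side recognizes, supplied by its administrator.
BACKEND_USERS = {"alee", "alee2", "bchen"}


def audit_attribute(entries, attr):
    """Return (subject, problem) pairs that make attr unsafe as a delegation identity."""
    problems = []
    seen = defaultdict(list)
    for entry in entries:
        values = entry.get(attr, [])
        # A delegated identity must resolve to exactly one non-empty value per user.
        if len(values) != 1 or not values[0].strip():
            problems.append((entry["dn"], "missing or multi-valued"))
            continue
        # Compare case-insensitively: two users differing only by case are still a risk.
        seen[values[0].strip().lower()].append(entry["dn"])
    for value, dns in seen.items():
        if len(dns) > 1:
            # Two people sharing one value would run queries as the same back-end user.
            problems.append((value, "shared by %d entries" % len(dns)))
    return problems


def unknown_principals(entries, attr, backend_users):
    """Return attr values that match no back-end user name (exact, case-sensitive)."""
    values = {v.strip() for e in entries for v in e.get(attr, [])}
    return sorted(values - set(backend_users))


if __name__ == "__main__":
    for attr in ("cn", "sAMAccountName"):
        print(attr, audit_attribute(SAMPLE_ENTRIES, attr),
              unknown_principals(SAMPLE_ENTRIES, attr, BACKEND_USERS))
```

In this sample, cn is shared by two people and matches no back-end user, while sAMAccountName is unique and known to the back end but missing on one entry, which would need to be fixed before mapping it.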