Secure Impersonation on Datameer Without Super Group Requirement
Hi,
If we enable Secure Impersonation on Datameer Without Super Group Requirement, how does this affect:
- Connections to HDFS, HiveServer2
- When Sentry or Ranger are on a Hadoop cluster that has the impersonation plug-in enabled
- Is there still a lack of traceability on the Hadoop cluster to identify which user performed which action?
What is the difference between Secure Impersonation on Datameer with Super Group and without it?
Thanks in advance for the response.
Best regards,
Arturo.
-
Hello Arturo.
To configure Secure Impersonation on Datameer Without Super Group Requirement, one should leverage a new Cluster mode called Native Multi User. This allows enabling Datameer's new secure impersonation method that validates each individual user separately using the user's own Kerberos keytab.
When one enables impersonation, all calls to the cluster (except several service cases) are made on behalf of the artifact's/job's owner; therefore, it is required to provide this user with sufficient permissions to the cluster services.
Here are sections of Datameer documentation that help you understand the differences between available Secure Impersonation models. But do not hesitate to ask further questions.