Applying User Delegation to a Connection
|The supervisor enables user delegation via a custom user attribute. Administrators apply user delegation to the data connection definition for a data source.|
Applying user delegation to a Zoomdata data source connection definition involves setting the Do As User parameter in the connection definition and setting up proxy user features in your data store. Any authentication mechanism (Kerberos or LDAP) and group mapping (file system or LDAP-based) method can be used by the data store or Zoomdata, as long as the user name assigned to the Do As User connector parameter is allowed appropriate authorizations (delegation) in the data store configuration.
User delegation processing is depicted in the following diagram.
User delegation occurs in this manner:
The Zoomdata supervisor or administrator assigns any LDAP attribute (for example,
name) to a Zoomdata custom user attribute. This should be provided by your data store administrator. The only requirement is that this attribute must match the configuration in Sentry. See Enabling User Delegation.
The Zoomdata custom user attribute is referenced by its name, prefaced by the word
User. For example, if your Zoomdata custom user attribute is named
XXXUserName, you would reference it as
The Zoomdata administrator references the custom user attribute in the appropriate data source connection definition using the connection's Do As User box. For example:
See Connection Tab for information about the Connection tab in the data source connection definition.
When a user submits a query using the data source, the Zoomdata connector sends the user identified by the Do As User parameter (or as interpreted by the setting in that parameter) to the data store when it connects on behalf of the query.
Assuming user proxy (user delegation) features are set up properly on the data store, the data store runs the query on behalf of the user. For information on setting up user proxy, user impersonation, or user delegation features in each data store, see the following links.
Data Store User Proxy Setup Links Apache Drill Cloudera Impala Cloudera Search Hive