Enabling User Delegation

You can use user delegation to run queries on behalf of Zoomdata users using a single set of credentials for a number of Zoomdata connectors. This allows you to share a single connection configuration among all users. User delegation can be established on a per-user or a per-group basis.

User delegation is currently supported by the following Zoomdata connectors: Cloudera Search, Impala, and Hive.

Supervisors enable user delegation via a custom user attribute. Administrators apply user delegation to the data connection definition for a data source.

To enable user delegation:

  1. Log into the Zoomdata server as a supervisor.

  2. Click to see the supervisor menu.

  3. Select Security on the supervisor menu. The security tabs display.

  4. Select the LDAP Settings tab. The LDAP Settings tab has five sections: General Settings, LDAP Server, User Provisioning, Mappings, and Mappings to Custom User Attributes.

    If the LDAP tab cannot be selected, verify that the LDAP security service is enabled. See Lightweight Directory Access Protocol (LDAP).
  5. In the Mapping to Custom User Attributes section, click Add Custom User Attribute.

  6. Type any meaningful name for the custom attribute name.

  7. Match the new attribute to any LDAP attribute (for example, cn, sAMAccountName, name). This should be provided by an Impala administrator. The only requirement is that this attribute match the configuration in Sentry.

  8. Click Save to save the attribute.

    The custom user attribute is referenced by its name, prefaced by the word User. For example, if your custom user attribute is named XXXUserName, you would reference it as User.XXXUserName. This reference name is shown in the Usage column.

  9. Select Connectors on the supervisor menu. The Manage Connector Services page appears. This page has two tables: one for Connector Servers and one for Connectors.

  10. Scroll down to the Connectors table and select the appropriate connector from the list. The connector settings page displays.

  11. Scroll down to the Connector Parameters and verify that the check box in the User Attribute column for the DO_AS_USER parameter is selected. This ensures that the DO_AS_USER parameter is visible and can be set in your Impala connection.

  12. Click Save.

To apply user delegation to a data source connection definition, see Applying User Delegation to a Connection.