Apply User Delegation to a Connection
This applies to: Visual Data Discovery
Applying user delegation to a Symphony data source connection definition involves setting the Do As User parameter in the connection definition and setting up proxy user features in your data store. Any authentication mechanism (Kerberos or LDAP) and group mapping (file system or LDAP-based) method can be used by the data store or Symphony, as long as the user name assigned to the Do As User connector parameter is allowed appropriate authorizations (delegation) in the data store configuration.
Note: Administrators enable and apply user delegation to the data connection definition for a data source.
User delegation processing is depicted in the following diagram.
User delegation occurs in this manner:
-
The Symphony administrator assigns any LDAP attribute (for example,
cn
,sAMAccountName
,name
) to a Symphony custom user attribute. This should be provided by your data store administrator. The only requirement is that this attribute must match the configuration in Sentry. See Enable User Delegation.The Symphony custom user attribute is referenced by its name, prefaced by the word
User
. For example, if your Symphony custom user attribute is namedXXXUserName
, you would reference it asUser.XXXUserName
. -
The Symphony administrator references the custom user attribute in the appropriate data source connection definition using the connection's Do As User box. For example:
-
When a user submits a query using the data source, the Symphony connector sends the user identified by the Do As User parameter (or as interpreted by the setting in that parameter) to the data store when it connects on behalf of the query.
Assuming user proxy (user delegation) features are set up properly on the data store, the data store runs the query on behalf of the user. For information on setting up user proxy, user impersonation, or user delegation features in each data store, see the following links.
Data Store User Proxy Setup Links Apache Drill
Cloudera Impala
Cloudera Search
Hive