Configuring Proxy User Authentication
This topic is available for MRS 3.3.0 or later.
You can use Ranger to authenticate a specified proxy user in HetuEngine for FusionInsight Manager user authentication. When you use the HetuEngine client, you can set --session-user to specify a proxy user.
For details about how to create an authentication user or proxy user, see Creating a HetuEngine Permission Role.
You need to enable Ranger authentication and grant the proxy user the permissions to manage the databases, tables, and columns of the data source. For details, see Adding a Ranger Access Permission Policy for HetuEngine.
- Kerberos authentication is enabled for the cluster (the cluster is in security mode)
- Use kinit to specify a user to be authenticated, for example, hetuadmin1. (The user must be a HetuEngine administrator and added to the supergroup user group to authenticate other users.)
kinit hetuadmin1
Enter the password as prompted and change the password upon your first login.
- Use --session-user to specify a proxy user, for example, user1.
hetu-cli --session-user user1
- Use kinit to specify a user to be authenticated, for example, hetuadmin1. (The user must be a HetuEngine administrator and added to the supergroup user group to authenticate other users.)
- Kerberos authentication is disabled for the cluster (the cluster is in normal mode)
Use --user to specify a user to be authenticated, for example, user (must belong to the hetuuser user group). Use --session-user to specify a proxy user, for example, user1.
hetu-cli --user user --session-user user1
This function is not suitable when both HiveMetastore data source authentication and multi-user mapping are enabled.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
