Updated on 2024-10-25 GMT+08:00

Configuring Proxy User Authentication

This topic is available for MRS 3.3.0 or later.

You can use Ranger to authenticate a specified proxy user in HetuEngine for FusionInsight Manager user authentication. When you use the HetuEngine client, you can set --session-user to specify a proxy user.

For details about how to create an authentication user or proxy user, see Creating a HetuEngine Permission Role.

You need to enable Ranger authentication and grant the proxy user the permissions to manage the databases, tables, and columns of the data source. For details, see Adding a Ranger Access Permission Policy for HetuEngine.

  • Kerberos authentication is enabled for the cluster (the cluster is in security mode)
    1. Use kinit to specify a user to be authenticated, for example, hetuadmin1. (The user must be a HetuEngine administrator and added to the supergroup user group to authenticate other users.)

      kinit hetuadmin1

      Enter the password as prompted and change the password upon your first login.

    2. Use --session-user to specify a proxy user, for example, user1.

      hetu-cli --session-user user1

  • Kerberos authentication is disabled for the cluster (the cluster is in normal mode)

    Use --user to specify a user to be authenticated, for example, user (must belong to the hetuuser user group). Use --session-user to specify a proxy user, for example, user1.

    hetu-cli --user user --session-user user1

This function is not suitable when both HiveMetastore data source authentication and multi-user mapping are enabled.