You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@impala.apache.org by ta...@apache.org on 2019/08/12 18:55:23 UTC
[impala] 02/03: IMPALA-8837: [DOCS] HTTP support for
proxy/delegation connection
This is an automated email from the ASF dual-hosted git repository.
tarmstrong pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git
commit 620329f6d72d1a09edf560e7da0bc1d09e13a57f
Author: Alex Rodoni <ar...@cloudera.com>
AuthorDate: Wed Aug 7 13:11:36 2019 -0700
IMPALA-8837: [DOCS] HTTP support for proxy/delegation connection
- Added a line on Knox support.
Change-Id: I591e0fd736ea114aa52a999acf41806a94e49382
Reviewed-on: http://gerrit.cloudera.org:8080/14033
Tested-by: Impala Public Jenkins <im...@cloudera.com>
Reviewed-by: Thomas Tauber-Marshall <tm...@cloudera.com>
---
docs/topics/impala_authentication.xml | 3 +++
docs/topics/impala_delegation.xml | 17 +++++++++++------
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/docs/topics/impala_authentication.xml b/docs/topics/impala_authentication.xml
index 996a927..4405b5c 100644
--- a/docs/topics/impala_authentication.xml
+++ b/docs/topics/impala_authentication.xml
@@ -43,6 +43,9 @@ under the License.
<p>
Impala supports authentication using either Kerberos or LDAP.
</p>
+ <p>
+ You can also make proxy connections to Impala through Apache Knox.
+ </p>
<note conref="../shared/impala_common.xml#common/authentication_vs_authorization"/>
diff --git a/docs/topics/impala_delegation.xml b/docs/topics/impala_delegation.xml
index c2a4722..bf2d4cc 100644
--- a/docs/topics/impala_delegation.xml
+++ b/docs/topics/impala_delegation.xml
@@ -20,7 +20,7 @@ under the License.
<!DOCTYPE concept PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept rev="1.2" id="delegation">
- <title>Configuring Impala Delegation for Hue and BI Tools</title>
+ <title>Configuring Impala Delegation for Clients</title>
<prolog>
<metadata>
@@ -38,10 +38,10 @@ under the License.
<conbody>
<p>
- When users submit Impala queries through a separate application, such as Hue or a business
- intelligence tool, typically all requests are treated as coming from the same user. In
- Impala 1.2 and higher, Impala supports <q>delegation</q> where users whose names you
- specify can delegate the execution of a query to another user. The query runs with the
+ When users submit Impala queries through a separate client application, such as Hue or a
+ business intelligence tool, typically all requests are treated as coming from the same
+ user. In Impala 1.2 and higher, Impala supports <q>delegation</q> where users whose names
+ you specify can delegate the execution of a query to another user. The query runs with the
privileges of the delegated user, not the original authenticated user.
</p>
@@ -147,6 +147,11 @@ under the License.
When opening a client connection, the client must provide a delegated username via the
HiveServer2 protocol property,<codeph>impala.doas.user</codeph> or
<codeph>DelegationUID</codeph>.
+ <p>
+ When the client connects over HTTP, the <codeph>doAs</codeph> parameter can be
+ specified in the HTTP path, e.g.
+ <codeph>/?doAs=</codeph><varname>delegated_user</varname>.
+ </p>
</li>
<li>
@@ -183,7 +188,7 @@ under the License.
The user or group delegation process works as follows:
<ol>
<li>
- The Impalad daemon starts with one of the following options:
+ The <codeph>impalad</codeph> daemon starts with one of the following options:
<ul>
<li>
<codeph>‑‑authorized_proxy_user_config=<varname>authenticated_user</varname>=<varname>delegated_user</varname></codeph>