Enabling Impersonation for any User
Provides the procedure necessary to implement impersonation for any Data Fabric user.
About this task
To enable impersonation for any Data Fabric user:
Procedure
- Log in to the system as root, the mapr user, or any user with full control.
- Generate a servicewithimpersonation ticket for the Data Fabric user. For example:
  $ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/sample_ticket
  WARNING: The mapr user ticket can be used to impersonate any user, including user root.
  You can generate a scoped servicewithimpersonation ticket for the user. Scoped impersonation tickets allow the user using the ticket to impersonate only the UIDs or GIDs specified in the ticket. For example:
  $ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -impersonateduids 550 -impersonatedgids 500 -out /var/tmp/sample_ticket
  NOTE: If you generate a scoped impersonation ticket, the impersonated UIDs cannot contain the UID of user root or user mapr. Also, the impersonated GIDs cannot contain the GID of user root or user mapr.
  For more information, see maprlogin.
- Move the ticket to a secure location, and share the ticket with the user for whom this ticket is generated.
- (Optional) Copy the file to a permanent directory.
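
The scoping rule in the NOTE can be checked before the ticket is requested. The script below is an added example, not part of the original documentation: it rejects a scope that names the root or mapr UID/GID and prints the maprlogin command for review instead of running it. The helper names are hypothetical, a comma-separated ID list is an assumption, and the mapr IDs are resolved on the local host.

```shell
#!/bin/sh
# Added example: pre-flight check for a scoped servicewithimpersonation ticket.
# Helper names are hypothetical; a comma-separated ID list is an assumption.

# ids_are_valid LIST FORBIDDEN_ID...
# Succeeds only if LIST is a comma-separated list of decimal IDs and none of
# them equals a FORBIDDEN_ID.
ids_are_valid() {
    list=$1; shift
    case $list in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;  # empty, non-numeric, blank entry
    esac
    for n in $(printf '%s' "$list" | tr ',' ' '); do
        for bad in "$@"; do
            # Numeric comparison, so "000" is still recognised as ID 0.
            if [ "$n" -eq "$bad" ]; then return 1; fi
        done
    done
    return 0
}

# scoped_ticket_cmd USER UIDS GIDS OUTFILE
# Prints the maprlogin command for review, or fails if the scope is not allowed.
scoped_ticket_cmd() {
    user=$1 uids=$2 gids=$3 out=$4
    case $user in ''|*[!A-Za-z0-9_.-]*) echo "bad user name" >&2; return 1 ;; esac
    case $out in ''|*[!A-Za-z0-9_./-]*) echo "bad output path" >&2; return 1 ;; esac
    # root is always ID 0; the mapr IDs are looked up locally when the account exists.
    if ! ids_are_valid "$uids" 0 $(id -u mapr 2>/dev/null || true); then
        echo "rejected UID scope: $uids" >&2; return 1
    fi
    if ! ids_are_valid "$gids" 0 $(id -g mapr 2>/dev/null || true); then
        echo "rejected GID scope: $gids" >&2; return 1
    fi
    printf '%s\n' "maprlogin generateticket -type servicewithimpersonation -user $user -impersonateduids $uids -impersonatedgids $gids -out $out"
}

# Values taken from the scoped-ticket example in the procedure.
scoped_ticket_cmd mapruser1 550 500 /var/tmp/sample_ticket
```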