Enabling Impersonation for any User

Provides the procedure necessary to implement impersonation for any Data Fabric user.

About this task

To enable impersonation for any Data Fabric user:

Procedure

  1. Log in to the system as root, the mapr user, or any user with full control.
  2. Generate a servicewithimpersonation ticket for the Data Fabric user.
    For example:
    $ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/sample_ticket
    WARNING
    The mapr user ticket can be used to impersonate any user, including user root.

    You can generate a scoped servicewithimpersonation ticket for the user. Scoped impersonation tickets allow the user using the ticket to impersonate only the UIDs or GIDs specified in the ticket. For example:

    $ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -impersonateduids 550 -impersonatedgids 500 -out /var/tmp/sample_ticket
    NOTE
    If you generate a scoped impersonation ticket, the impersonated UIDs cannot contain the UID of user root or user mapr. Also, the impersonated GIDs cannot contain the GID of user root or user mapr.
    For more information, see maprlogin.
  3. Move the ticket to a secure location, and share the ticket with the user for whom this ticket is generated.
  4. (Optional) Copy the file to a permanent directory.