Sample MAPR DataTap - Impersonation
This image shows a sample MAPR DataTap with impersonation.
This sample DataTap Enable has the Enable Impersonation option enabled. The following conditions need to be met in order to support impersonation:
The ticket should support impersonation. For example, if the ticket user is either
mapr
or root
, then the ticket can be used for
impersonation, and the ticket type servicewithimpersonation
can support impersonation.
The real user should exist in the MapR cluster. If the real user does not exist in the MapR cluster, then the connection between the DataTap and the MapR cluster will be rejected. Generally, the container and the MapR cluster should be configured with the same AD/LDAP settings.
When the real user logs in to the container to create a new file against the MapR DataTap with impersonation, then the owner of file will be the real user. For example:
- If the real user
testuser
logs in to the container to create a new file by executing the commandHadoop fs -put ./testfile dtap://local/
, then the actual file owner oftestfile
will betestuser
in the MapR cluster. - If the real user logs in to the container to list the files against a MapR DataTap with impersonation, then the owner of file will be the actual owner of the file.