Dremio Impersonation/Database Proxying

RMartin · October 14, 2020, 1:11am

We’re planning on implementing EE over the next few months. Security is obviously something that needs to be taken very seriously.

Does Dremio support database proxying during authentication?

For example, in Dremio a source named Customers is connected to a SQL Server instance using an AD service account.

When users log into Dremio, via LDAP and execute a query against that physical asset, is the query being executed under the security context of the AD service account (tied to the source config) or the logged in user?

I’ve read through this Impersonation to Data sources (Granted access on Datasource) as well as the documentation on impersonation and am not quite clear yet.

balaji.ramaswamy · October 14, 2020, 7:11am

@RMartin

For SQL server we currently support username/password based authentication. Would your requirement be based of AD account?

Thanks
Bali

RMartin · October 14, 2020, 2:13pm

Thanks for the reply, we were assuming, using EE, the SQL Server source would be configured to use an AD based service account (even if the password was entered in the config)…rather than a local DB account…

marek · October 15, 2021, 10:50am

To reiterate on that, do you have any plans to support impersonation on DB side?
I’m referring to e.g. things like this: EXECUTE AS (Transact-SQL) - SQL Server | Microsoft Docs

balaji.ramaswamy · October 19, 2021, 5:57am

@marek Currently impersonation is only supported for HDFS and Hive

Topic		Replies	Views
Impersonation to Data sources (Granted access on Datasource)	3	1754	January 17, 2019
External Datasource MS SQL server using AD authentication	3	952	October 19, 2021
Passthru security	4	1136	November 7, 2019
How to impersonate a query_user() when querying a VDS?	1	927	October 13, 2021
Hdfs and Hive Querying from dremio	1	1065	May 30, 2019

Dremio Impersonation/Database Proxying

Related Topics