Dremio Impersonation/Database Proxying

RMartin · October 14, 2020, 1:11am

We’re planning on implementing EE over the next few months. Security is obviously something that needs to be taken very seriously.

Does Dremio support database proxying during authentication?

For example, in Dremio a source named Customers is connected to a SQL Server instance using an AD service account.

When users log into Dremio, via LDAP and execute a query against that physical asset, is the query being executed under the security context of the AD service account (tied to the source config) or the logged in user?

I’ve read through this Impersonation to Data sources (Granted access on Datasource) as well as the documentation on impersonation and am not quite clear yet.

balaji.ramaswamy · October 14, 2020, 7:11am

@RMartin

For SQL server we currently support username/password based authentication. Would your requirement be based of AD account?

Thanks
Bali

RMartin · October 14, 2020, 2:13pm

Thanks for the reply, we were assuming, using EE, the SQL Server source would be configured to use an AD based service account (even if the password was entered in the config)…rather than a local DB account…

marek · October 15, 2021, 10:50am

To reiterate on that, do you have any plans to support impersonation on DB side?
I’m referring to e.g. things like this: EXECUTE AS (Transact-SQL) - SQL Server | Microsoft Docs

balaji.ramaswamy · October 19, 2021, 5:57am

@marek Currently impersonation is only supported for HDFS and Hive

Topic		Replies	Views
Impersonation to Data sources (Granted access on Datasource)	3	1649	January 17, 2019
External Datasource MS SQL server using AD authentication	3	896	October 19, 2021
Passthru security	4	1067	November 7, 2019
SQL Server Windows Authentication	11	3012	December 3, 2018
Dremio - ODBC connection- Windows Authentication not available	2	1470	October 14, 2021

Dremio Impersonation/Database Proxying

Related Topics