Dremio Impersonation/Database Proxying

We’re planning on implementing EE over the next few months. Security is obviously something that needs to be taken very seriously.

Does Dremio support database proxying during authentication?

For example, in Dremio a source named Customers is connected to a SQL Server instance using an AD service account.

When users log into Dremio, via LDAP and execute a query against that physical asset, is the query being executed under the security context of the AD service account (tied to the source config) or the logged in user?

I’ve read through this Impersonation to Data sources (Granted access on Datasource) as well as the documentation on impersonation and am not quite clear yet.


For SQL server we currently support username/password based authentication. Would your requirement be based of AD account?


Thanks for the reply, we were assuming, using EE, the SQL Server source would be configured to use an AD based service account (even if the password was entered in the config)…rather than a local DB account…

To reiterate on that, do you have any plans to support impersonation on DB side?
I’m referring to e.g. things like this: EXECUTE AS (Transact-SQL) - SQL Server | Microsoft Docs

@marek Currently impersonation is only supported for HDFS and Hive