How to impersonate a query_user() when querying a VDS?


We are developing an internal API that allows users to download a VDS stored in Dremio Enterprise (without the user being aware of and connecting to Dremio).

We need to provide row/column level security for a given user who has requested access to a VDS. Currently, there is a service account which has full permissions on the VDS, however, we need to pass in the “query_user()” property to Dremio via ODBC to ensure the data returned respects the row/column level security of the end user.

The query job will still need to be run by the ‘service account’ however the query needs to be able to impersonate a user such as “JohnSmith001” to ensure the data is returned based on JohnSmith001 permissions.

Is this possible? For example:
EXECUTE AS [JohnSmith001]
Select * From [schema].[myVDS]

@vishnuu Currently that is not possible but if the source is Hive or HDFS which supports impersonation and impersonation is turned on, you can uncheck “Allow VDS-based Access Delegation” and this will run the query as the logged in user