How to impersonate a query_user() when querying a VDS?

vishnuu · October 12, 2021, 7:24am

Hello,

We are developing an internal API that allows users to download a VDS stored in Dremio Enterprise (without the user being aware of and connecting to Dremio).

We need to provide row/column level security for a given user who has requested access to a VDS. Currently, there is a service account which has full permissions on the VDS, however, we need to pass in the “query_user()” property to Dremio via ODBC to ensure the data returned respects the row/column level security of the end user.

The query job will still need to be run by the ‘service account’ however the query needs to be able to impersonate a user such as “JohnSmith001” to ensure the data is returned based on JohnSmith001 permissions.

Is this possible? For example:
EXECUTE AS [JohnSmith001]
Select * From [schema].[myVDS]

balaji.ramaswamy · October 13, 2021, 4:29am

@vishnuu Currently that is not possible but if the source is Hive or HDFS which supports impersonation and impersonation is turned on, you can uncheck “Allow VDS-based Access Delegation” and this will run the query as the logged in user

Topic		Replies	Views
Hdfs and Hive Querying from dremio	1	1065	May 30, 2019
Querying Specific User's Authorized Data using Dremio REST API Dremio University	1	457	August 22, 2023
Dremio Impersonation/Database Proxying	4	1256	October 19, 2021
Error when querying dataset	6	2744	August 28, 2019
Impersonation to Data sources (Granted access on Datasource)	3	1755	January 17, 2019

How to impersonate a query_user() when querying a VDS?

Related topics