Inbound Impersonation - Dremio Software

1

Hello @balaji.ramaswamy/Team,

Greetings! We are testing out inbound personation and are attempting to have a service account get data based on permissions of target user context (user1 or user2). We have already set impersonation policies in exec.impersonation.inbound_policies specifying appropriate proxy principals and target principals.

However, I could not find how do I associate target user context in my call. I am open to try out the call from REST API, ODBC or Arrow Flight SQL or native python arrow flight client. I tried passing impersonated_user, impersonatedUser, DelegatedUID in header or payload but was unsuccessful to get it working. Didn’t try JDBC since documentation says impersonation is NOT supported for JDBC.

  1. Would appreciate your help or few things to try out.
  2. Also, are ODBC (plain vanilla) and ODBC Arrow Flight SQL connector the same, there is only available to download on the website. If there is plain vanilla ODBC, I can try out DelegationUID for which I saw a blog post

Regards,
RK

2

@rdkworld

Have you tried going through this doc and is there information missing, if yes I can certainly follow up with the right teams

3

@balaji.ramaswamy thanks for getting back. Yes i have referred the instructions from this document itself and configured Dremio accordingly. However, this example/usecase refers to connecting from tools like DBeaver and Tableau, i am looking to connect via REST API but also open to pdbc, jdbc, arrow flight

4

@rdkworld Dbeaver should use JDBC or Flight. How are you connecting from Dbeaver or Tableau?

5

@balaji.ramaswamy Sorry I dont plan to use DBeaver or Tableau, i was referring them because the blog you provided uses them and that part is not relevant to my use case

For my usecase, i am trying to connect from python via rest api or odbc or arrow, i have detailed out in my original post

6

@balaji.ramaswamy Anything further on this?