Hello @balaji.ramaswamy/Team,
Greetings! We are testing out inbound personation and are attempting to have a service account get data based on permissions of target user context (user1 or user2). We have already set impersonation policies in exec.impersonation.inbound_policies specifying appropriate proxy principals and target principals.
However, I could not find how do I associate target user context in my call. I am open to try out the call from REST API, ODBC or Arrow Flight SQL or native python arrow flight client. I tried passing impersonated_user, impersonatedUser, DelegatedUID in header or payload but was unsuccessful to get it working. Didn’t try JDBC since documentation says impersonation is NOT supported for JDBC.
- Would appreciate your help or few things to try out.
- Also, are ODBC (plain vanilla) and ODBC Arrow Flight SQL connector the same, there is only available to download on the website. If there is plain vanilla ODBC, I can try out DelegationUID for which I saw a blog post
Regards,
RK
@rdkworld
Have you tried going through this doc and is there information missing, if yes I can certainly follow up with the right teams
@balaji.ramaswamy thanks for getting back. Yes i have referred the instructions from this document itself and configured Dremio accordingly. However, this example/usecase refers to connecting from tools like DBeaver and Tableau, i am looking to connect via REST API but also open to pdbc, jdbc, arrow flight
@rdkworld Dbeaver should use JDBC or Flight. How are you connecting from Dbeaver or Tableau?
@balaji.ramaswamy Sorry I dont plan to use DBeaver or Tableau, i was referring them because the blog you provided uses them and that part is not relevant to my use case
For my usecase, i am trying to connect from python via rest api or odbc or arrow, i have detailed out in my original post
@balaji.ramaswamy Anything further on this?
@rdkworld Just to narrow down the issue, would it be possible for you to connect from DBeaver (follow steps in doc) and see if that works as expected? Then we are sure the issue is specific to rest or odbc or arrow
@balaji.ramaswamy that was good idea to narrow down, so i connected from DBeaver as documented and was successfully able to test inbound impersonation from DBeaver. However, when I do the same from python using legacy jdbc driver - this is my usecase (I reference the same driver path as DBeaver), I get this error
Error connecting to the database: java.sql.SQLException: Failure in connecting to Dremio: cdjd.com.dremio.exec.rpc.ConnectionFailedException: CONNECTION : cdjd.io.netty.channel.AbstractChannel$AnnotatedConnectException: Connection timed out: no further information:
Any further ideas/thoughts would help
Separately, I cannot test from REST or ODBC or even arrow for that matter since I don’t see any confirmation or documentation that they support inbound impersonation.
@rdkworld It seems like you are getting a. connection timed out. Do you know if there is something logged on the Dremio side? At the same time of this exception, can you please check server.log?