I have a usecase where the dremio service account used to connect to the datasource needs to pass the id of the user, so the underlying database can use prebuild security views of the datasource for a particular user.
I studied the code - every access has the user name.
JDBC has support for alternateUsernameAllowed which allows for overrite of connection with a different user.
Is it conceivable for Dremio server to send alternate credentials vs the service account user to the underlying database so security views already built can be utilized?
We support this for certain type of sources like Hive/HDFS. This passthru security is only available in the Enterprise edition of the software
Enterprise good. The company i am working with needs passthru to database side as well (postgres, sql server, oracle, teradata).
Does enterprise support pass thru for them as well?
We do not support impersonating users on those sources, only the Hadoop stack. You can set access control rules in Dremio on sources/datasets.
I looked at code - jobs and queries to jdbc are aware of who created job or who made request.
How hard would it be to use actual user who made request vs service account?
Can be done in fork?