Passthru security

daveemc · November 4, 2019, 5:11pm

I have a usecase where the dremio service account used to connect to the datasource needs to pass the id of the user, so the underlying database can use prebuild security views of the datasource for a particular user.

I studied the code - every access has the user name.

JDBC has support for alternateUsernameAllowed which allows for overrite of connection with a different user.

Is it conceivable for Dremio server to send alternate credentials vs the service account user to the underlying database so security views already built can be utilized?

balaji.ramaswamy · November 4, 2019, 9:21pm

@daveemc

We support this for certain type of sources like Hive/HDFS. This passthru security is only available in the Enterprise edition of the software

daveemc · November 5, 2019, 12:12am

Enterprise good. The company i am working with needs passthru to database side as well (postgres, sql server, oracle, teradata).

Does enterprise support pass thru for them as well?

doron · November 7, 2019, 6:14pm

We do not support impersonating users on those sources, only the Hadoop stack. You can set access control rules in Dremio on sources/datasets.

daveemc · November 7, 2019, 7:11pm

I looked at code - jobs and queries to jdbc are aware of who created job or who made request.

How hard would it be to use actual user who made request vs service account?

Can be done in fork?

Topic		Replies	Views
Impersonation to Data sources (Granted access on Datasource)	3	1648	January 17, 2019
Dremio Impersonation/Database Proxying	4	1177	October 19, 2021
Dremio - ODBC connection- Windows Authentication not available	2	1469	October 14, 2021
External Datasource MS SQL server using AD authentication	3	895	October 19, 2021
Error JDBC Connection in Dremio Cloud Dremio Cloud	5	1279	April 12, 2022

Passthru security

Related Topics