You're talking about another service between the user and the application. In that case a parameter probably makes sense. But then you'd need to add those config options, because this is a dangerous feature, and Livy should know who is allowed to impersonate who. In this case the service needs to authenticate to Livy as a privileged user, and Livy's configuration would say that the service's user is allowed to impersonate certain users or groups (same as the other services that allow impersonation like YARN).
On Mon, Jun 25, 2018 at 5:41 PM, Takeshi Yamamuro <linguin....@gmail.com> wrote: > Yea, I know the Livy supports impersonation. > I assume a case blow > [different users] ---Some protocols---> [the server applications managing > multiple sessions for users] ---REST---> [Livy server] > In this case, Livy already has a way to pass proxyUser from the application > to Livy? > Sorry, but I'm not familiar with Livy internal logic. > > > On Tue, Jun 26, 2018 at 9:14 AM Marcelo Vanzin <van...@cloudera.com.invalid> > wrote: > >> On Mon, Jun 25, 2018 at 5:09 PM, Takeshi Yamamuro <linguin....@gmail.com> >> wrote: >> > In that case, I think Livy is useful; the application can pass proxyUser >> to >> > build LivyClient for each user >> > and run spark queries as each user authorization. >> >> But Livy already supports impersonation. It can impersonate the >> authenticated user. >> >> You're suggesting adding a parameter so the user can request >> impersonation of some specific user, which is a different thing. What >> is the use case for that? >> >> -- >> Marcelo >> > > > -- > --- > Takeshi Yamamuro -- Marcelo
