I think Livy super user is similar to Hadoop's proxy user, it allows this user to impersonate others, but it doesn't check whether other users are allowed to be impersonated.
In the meantime, Livy has ACL mechanisms, which allow only ACL verified users to connect to LivyServer, so I think with ACL, we can do a more fine-grained control. For other missing points, I think we can improve the Livy code.

Marcelo Vanzin <van...@cloudera.com.invalid> wrote on Tue, Jun 26, 2018 at 9:53 AM:

> Superusers are a little more than "allowed to impersonate others". I
> don't remember exactly what are the things that it allows, but it
> would be better to add finer grained permissions.
>
> On Mon, Jun 25, 2018 at 6:30 PM, Saisai Shao <sai.sai.s...@gmail.com> wrote:
> > Yes, it has a configuration "livy.superusers". Here in this case, the sql
> > server user should be added as a superuser, who can impersonate other
> > different users.
> >
> > Marcelo Vanzin <van...@cloudera.com.invalid> wrote on Tue, Jun 26, 2018 at 9:12 AM:
> >
> >> You're talking about another service between the user and the application.
> >>
> >> In that case a parameter probably makes sense. But then you'd need to
> >> add those config options, because this is a dangerous feature, and
> >> Livy should know who is allowed to impersonate who. In this case the
> >> service needs to authenticate to Livy as a privileged user, and Livy's
> >> configuration would say that the service's user is allowed to
> >> impersonate certain users or groups (same as the other services that
> >> allow impersonation like YARN).
> >>
> >> On Mon, Jun 25, 2018 at 5:41 PM, Takeshi Yamamuro <linguin....@gmail.com> wrote:
> >> > Yea, I know Livy supports impersonation.
> >> > I assume a case below:
> >> > [different users] ---Some protocols---> [the server applications managing
> >> > multiple sessions for users] ---REST---> [Livy server]
> >> > In this case, Livy already has a way to pass proxyUser from the application
> >> > to Livy?
> >> > Sorry, but I'm not familiar with Livy internal logic.
> >> >
> >> > On Tue, Jun 26, 2018 at 9:14 AM Marcelo Vanzin <van...@cloudera.com.invalid> wrote:
> >> >
> >> >> On Mon, Jun 25, 2018 at 5:09 PM, Takeshi Yamamuro <linguin....@gmail.com> wrote:
> >> >> > In that case, I think Livy is useful; the application can pass proxyUser to
> >> >> > build LivyClient for each user
> >> >> > and run spark queries as each user authorization.
> >> >>
> >> >> But Livy already supports impersonation. It can impersonate the
> >> >> authenticated user.
> >> >>
> >> >> You're suggesting adding a parameter so the user can request
> >> >> impersonation of some specific user, which is a different thing. What
> >> >> is the use case for that?
> >> >>
> >> >> --
> >> >> Marcelo
> >> >
> >> > --
> >> > ---
> >> > Takeshi Yamamuro
> >>
> >> --
> >> Marcelo
>
> --
> Marcelo
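
The difference this thread turns on, a blanket superuser list versus a rule that says which users or groups a given service user may impersonate, shown as an added example that is not part of the original messages and is not Livy's code. The policy layout, the group table and all user names are hypothetical and constructed for illustration; only the setting name "livy.superusers" comes from the thread.

```python
# Added illustration: hypothetical policy model, not Livy's implementation or config format.
from dataclasses import dataclass


@dataclass(frozen=True)
class ProxyRule:
    users: frozenset = frozenset()   # targets allowed by name
    groups: frozenset = frozenset()  # targets allowed by group membership


# Coarse model: a flat list, in the spirit of "livy.superusers" from the thread.
SUPERUSERS = {"sqlserver"}

# Fine-grained model (hypothetical): per authenticated service user, who may be impersonated.
PROXY_RULES = {
    "sqlserver": ProxyRule(users=frozenset({"alice"}), groups=frozenset({"analysts"})),
}

# Constructed group membership standing in for a real directory lookup.
GROUPS = {"alice": {"analysts"}, "bob": {"analysts"}, "hdfs": {"supergroup"}}


def superuser_allows(auth_user, proxy_user):
    """Coarse check: a superuser may impersonate anyone; the target is never examined."""
    return proxy_user is None or proxy_user == auth_user or auth_user in SUPERUSERS


def rule_allows(auth_user, proxy_user):
    """Fine-grained check: the target must be listed by name or group; default deny."""
    if proxy_user is None or proxy_user == auth_user:
        return True  # no impersonation requested
    rule = PROXY_RULES.get(auth_user)
    if rule is None:
        return False  # caller has no impersonation rights at all
    if proxy_user in rule.users:
        return True
    return bool(GROUPS.get(proxy_user, set()) & rule.groups)


def compare(auth_user, proxy_user):
    """Return (coarse decision, fine-grained decision) for one request."""
    return superuser_allows(auth_user, proxy_user), rule_allows(auth_user, proxy_user)


if __name__ == "__main__":
    requests = [("sqlserver", "alice"), ("sqlserver", "bob"),
                ("sqlserver", "hdfs"), ("mallory", "alice"), ("alice", None)]
    for auth_user, proxy_user in requests:
        print(auth_user, "->", proxy_user, compare(auth_user, proxy_user))
```

The `("sqlserver", "hdfs")` request is the case that separates the two models: the superuser list permits it, while the per-service rule denies it because `hdfs` is neither named nor in an allowed group.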