[ https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334218#comment-14334218 ]
Sriharsha Chintalapani commented on STORM-446: ---------------------------------------------- [~parth.brahmbhatt] As you said saslServer.getAuthorizationID() will get the initial authID and don't think there is a way to submit other user credentials once the initial sasl connection setup. Is it possible to add a single thriftApi that takes in UGI and a operation i.e uploadTopology ,rebalance etc and on the server side does this as the UGI? > secure Impersonation in storm > ----------------------------- > > Key: STORM-446 > URL: https://issues.apache.org/jira/browse/STORM-446 > Project: Apache Storm > Issue Type: Improvement > Reporter: Sriharsha Chintalapani > Assignee: Parth Brahmbhatt > Labels: Security > > Storm security adds features of authenticating with kerberos and than uses > that principal and TGT as way to authorize user operations, topology > operation. Currently Storm UI user needs to be part of nimbus.admins to get > details on user submitted topologies. Ideally storm ui needs to take > authenticated user principal to submit requests to nimbus which will than > authorize the user rather than storm UI user. This feature will also benefit > superusers to impersonate other users to submit topologies in a secured way. -- This message was sent by Atlassian JIRA (v6.3.4#6332)