Impersonate Kerberos user on HDFS
Philippe de Rochambeau
phiroc at free.fr
Thu Apr 11 02:40:40 EDT 2024
Hello,
Let's say a user has the following rights on HDFS (which are constrained Apache Ranger):
/prd/a/b/c <- read right
/prd/a/b/d <- read/write right
I would like to get a broad picture of his/her complete access rights.
I could look at the general policies in Apache Ranger and try to figure out which apply to my user, but that's complicated.
I wonder if there is another way (which ideally could be automated with a script) roughly:
- impersonate the user as, say, admin, with kinit; e.g. kinit <user>
- scan all HDFS directories and try to read or write
Does anyone have suggestions?
PS I've asked similar questions on the Apache Ranger mailing list, but with no success.
Many thanks.
Philippe
More information about the Kerberos
mailing list