The ultimate Microsoft Fabric, Power BI, Azure AI, and SQL learning event: Join us in Stockholm, September 24-27, 2024.
Save €200 with code MSCUST on top of early bird pricing!
Find everything you need to get certified on Fabric—skills challenges, live sessions, exam prep, role guidance, and more. Get started
Dear team
What parameter does PowerBI Service ( On-premise Data Gateway ) sending to Cloudera Hive for Impersonation?
Is it sending DelegationUID parameter?
Details:
I am trying to implement a Cloudera Hive for impersonation.
It's PowerBI Service ( Data Gateway ) connecting Cloudera Hive in CDP .
I have already tested
1) PowerBI Service can access the Cloudera Hive with Kerberos (Windows Auth) and fetch data
2) On-premise data gateway and CDP Hive is using the same AD
3) I enabled the SSO in PowerBI Service connection, and passed the test.
*
I am using the following settings:
When I use Power BI Service to access the Cloudera Hive, Hive recogonize the user [admin] accessing it , not [zzeng_admin01] as expected.
CreateWindowsIdentityV1 userPrincipalName <euii>zzeng_admin01</euii>
About to execute function as impersonated user <euii>REALM_NAME_01\zzeng_admin01</euii> (IsAuthenticated: True, ImpersonationLevel: Impersonation)...
dsrJson: <ccon>{"protocol":"x-datasource","authentication":null,"address":{"kind":"ApacheHive","path":"base-master1.*******.cloudapp.net:10000;default;1"},"query":null}</ccon>, CredentialDetails.EncryptedConnection:NotEncrypted, useEncryptedConnection:False
Hive Log showed that it is still accessed by the user [admin] not [zzeng_admin01] (expecting zzeng_admin01)
org.apache.hive.service.cli.operation.Operation: [2576281b-726b-4e0a-a534-b9559d923b62 HiveServer2-Handler-Pool: Thread-329]: [opType=EXECUTE_STATEMENT, queryId=hive_20240808185633_02c6e891-38fa-442e-85da-f5356f14dbb5, startTime=1723110993585, sessionId=2576281b-726b-4e0a-a534-b9559d923b62, createTime=1723110993550, userName=admin, ipAddress=172.16.64.4]
org.apache.hadoop.hive.metastore.RetryingMetaStoreClient: [2576281b-726b-4e0a-a534-b9559d923b62 HiveServer2-Handler-Pool: Thread-329]: RetryingMetaStoreClient proxy=class org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient ugi=admin (auth:PROXY) via hive/base-master1.******.lx.internal.cloudapp.net@******.LX.INTERNAL.CLOUDAPP.NET (auth:KERBEROS) retries=1 delay=1 lifetime=0
Do you have any information about what's On-premise data gateway sending to Cloudera Hive for Impersonation?
Solved! Go to Solution.
Might be worth going through these troubleshooting steps
Authentication and Kerberos Issues | CDP Private Cloud (cloudera.com)
Dear team
Thanks for your comments.
This was resolved.
My solution:
1) Remove MIT Kerberos
2) Fix my DNS server settings, to make sure that I can get the correct reverse DNS search
What connector are you using? Cloudera ODBC 2.7 ? Whatever you specify in the ODBC control panel will be sent over.
Hi @lbendlin , thanks for replying!
Yes, I am using Cloudera ODBC 2.7.
@lbendlin wrote:Whatever you specify in the ODBC control panel will be sent over.
We can't specify "DelegationUID" in ODBC control panel because in impersonation, this ODBC connection is shared with a group of user, and we expect MS On-premise data gateway can dynamically set the DelegationUID with current login user's ID to pass it to Cloudera Hive.
Do you think this is possible?
what does your Cloudera ODBC setting look like?
Cloudera Hive ODBC setting:
C:\Program Files\On-premises data gateway\m\ODBC Drivers\Simba Hive ODBC Driver.ini:
[Simba Hive ODBC Driver]
Driver=Cloudera ODBC Driver for Apache Hive\lib\ClouderaHiveODBC64.dll
HiveServerType=2
AuthMech=1
ThriftTransport=1
ServiceDiscoveryMode=0
ZKNamespace=
KrbRealm=******.LX.INTERNAL.CLOUDAPP.NET
KrbHostFQDN=_HOST
KrbServiceName=hive
Port=10000
Schema=default
UseNativeQuery=0
GetTablesWithQuery=1
SSL=0
I can pass the Cloudrea Hive ODBC test with MIT Kerberos installed.
Might be worth going through these troubleshooting steps
Authentication and Kerberos Issues | CDP Private Cloud (cloudera.com)
Join the community in Stockholm for expert Microsoft Fabric learning including a very exciting keynote from Arun Ulag, Corporate Vice President, Azure Data.
Check out the August 2024 Power BI update to learn about new features.
User | Count |
---|---|
56 | |
22 | |
12 | |
12 | |
10 |
User | Count |
---|---|
112 | |
37 | |
28 | |
21 | |
20 |