Enabling Secure Impersonation
Secure Impersonation is a feature that allows a user to make requests as another user in a secure way. For example, to allow the following impersonations:
- User hue can make requests as any user from any host.
- User foo can make requests as any member of group bar, from host1 or host2.
Configure the following properties in /etc/default/solr or /opt/cloudera/parcels/CDH-*/etc/default/solr:
SOLR_SECURITY_ALLOWED_PROXYUSERS=hue,foo SOLR_SECURITY_PROXYUSER_hue_HOSTS=* SOLR_SECURITY_PROXYUSER_hue_GROUPS=* SOLR_SECURITY_PROXYUSER_foo_HOSTS=host1,host2 SOLR_SECURITY_PROXYUSER_foo_GROUPS=bar
SOLR_SECURITY_ALLOWED_PROXYUSERS lists all of the users allowed to impersonate. For a user x in SOLR_SECURITY_ALLOWED_PROXYUSERS, SOLR_SECURITY_PROXYUSER_x_HOSTS list the hosts x is allowed to connect from to impersonate, and SOLR_SECURITY_PROXYUSERS_x_GROUPS lists the groups that the users is allowed to impersonate members of. Both GROUPS and HOSTS support the wildcard * and both GROUPS and HOSTS must be defined for a specific user.