Enabling Secure Impersonation

Secure Impersonation is a feature that allows a user to make requests as another user in a secure way. For example, to allow the following impersonations:

  • User hue can make requests as any user from any host.
  • User foo can make requests as any member of group bar, from host1 or host2.
    Configure the following properties in /etc/default/solr or /opt/cloudera/parcels/CDH-*/etc/default/solr:
    SOLR_SECURITY_ALLOWED_PROXYUSERS=hue,foo
    SOLR_SECURITY_PROXYUSER_hue_HOSTS=*
    SOLR_SECURITY_PROXYUSER_hue_GROUPS=*
    SOLR_SECURITY_PROXYUSER_foo_HOSTS=host1,host2
    SOLR_SECURITY_PROXYUSER_foo_GROUPS=bar
SOLR_SECURITY_ALLOWED_PROXYUSERS lists all of the users allowed to impersonate. For a user x in SOLR_SECURITY_ALLOWED_PROXYUSERS, SOLR_SECURITY_PROXYUSER_x_HOSTS list the hosts x is allowed to connect from to impersonate, and SOLR_SECURITY_PROXYUSERS_x_GROUPS lists the groups that the users is allowed to impersonate members of. Both GROUPS and HOSTS support the wildcard * and both GROUPS and HOSTS must be defined for a specific user.