Enabling Impersonation for any User
Describes how to enable impersonation for any data-fabric user.
To enable impersonation for any data-fabric user:
- Log in to the system as root, as the mapr user, or as any user with full control.
- Generate a servicewithimpersonation ticket for the data-fabric user.
For example:
$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -out /var/tmp/sample_ticket
Warning: The mapr user ticket can be used to impersonate any user, including user root.
You can generate a scoped servicewithimpersonation ticket for the user. A scoped impersonation ticket allows the user using the ticket to impersonate only the UIDs and/or GIDs specified in the ticket. For example:
$ maprlogin generateticket -type servicewithimpersonation -user mapruser1 -impersonateduids 550 -impersonatedgids 500 -out /var/tmp/sample_ticket
Note: When generating a scoped impersonation ticket, the impersonated UIDs cannot contain the UID of user root or user mapr, and the impersonated GIDs cannot contain the GID of user root or user mapr.
For more information, see maprlogin.
- Move the ticket to a secure location and share the ticket with the user (for whom this ticket was generated).
- (Optional) Copy the file to a permanent directory.
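The scoping rule in the note above can be checked before the ticket is generated. The following is an added example, not part of the original documentation: it validates the ID lists and prints the maprlogin command shown on this page. The function names are hypothetical, and it assumes that multiple IDs are passed as a comma-separated list and that the mapr account's UID and GID can be resolved with id.

```shell
#!/bin/sh
# Added example: pre-flight check for a scoped servicewithimpersonation ticket.
# Function names are hypothetical; only the maprlogin flags come from the page.

# ids_allowed LIST RESERVED
# LIST: comma-separated numeric IDs (assumed list format).
# RESERVED: space-separated IDs that must not appear (root and mapr).
ids_allowed() {
    case $1 in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;   # empty, non-numeric, stray comma
    esac
    for id in $(printf '%s' "$1" | tr ',' ' '); do
        for r in $2; do
            if [ "$id" -eq "$r" ]; then return 1; fi
        done
    done
    return 0
}

# root is 0; the mapr account's IDs are site-specific, so resolve them locally.
reserved_uids() { printf '0 %s' "$(id -u mapr 2>/dev/null)"; }
reserved_gids() { printf '0 %s' "$(id -g mapr 2>/dev/null)"; }

# scoped_ticket_cmd USER UIDS GIDS OUT RESERVED_UIDS RESERVED_GIDS
# Prints the command to run, or fails if the scope includes a reserved ID.
scoped_ticket_cmd() {
    ids_allowed "$2" "$5" || { echo "rejected UID list: $2" >&2; return 1; }
    ids_allowed "$3" "$6" || { echo "rejected GID list: $3" >&2; return 1; }
    printf 'maprlogin generateticket -type servicewithimpersonation -user %s -impersonateduids %s -impersonatedgids %s -out %s\n' \
        "$1" "$2" "$3" "$4"
}

# Demo with the page's sample values: prints the command, does not run it.
scoped_ticket_cmd mapruser1 550 500 /var/tmp/sample_ticket \
    "$(reserved_uids)" "$(reserved_gids)"
```

Run the printed command only after the check passes, so that a request whose scope includes the root or mapr IDs is caught before maprlogin is invoked.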