Hi all，The current Impala driver uses the following JDBC URL to connect to Impala:
jdbc:impala://node1.example.com:21050;AuthMech=1;KrbRealm=EXAMPLE.COM;KrbHostFQDN=node1.example.com;KrbServiceName=impala. Because we configured "kinit -kt sale_dept.keytab sale_dept/node1.example.com@EXAMPLE.COM" on the server. Therefore, no matter how many Impala databases we create in Metabase, we will retrieve data that the "sale_dept" principal can access. To obtain the desired result, we need to create different Impala databases using different keytab files and principals.
I have an idea, but I feel that the current driver cannot support it.
- Create a separate keytab file for each principal that needs to access Impala databases.
- Execute kinit command for each principal on the server to obtain TGTs and store them in their cache.
- Create separate Impala databases in Metabase for each principal, specifying the corresponding keytab file and principal.
- Each principal can only access the Impala database assigned to them.
Can anyone give me some advice? I would be grateful.