User Impersonation for HttpFS

You can set up proxy user functionality if you want HttpFS to impersonate a user from a set of hosts, or to impersonate a user that belongs to a set of groups. When you configure proxy user functionality, the proxy user can perform “doAs” operations. Add configuration properties to the httpfs-site.xml and core-site.xml files to configure proxy user functionality.

Complete the following steps to configure user impersonation for HttpFS:

Add the following configuration properties to the /opt/mapr/httpfs/httpfs-1.0/etc/hadoop/httpfs-site.xml file :
- httpfs.proxyuser.#USER#.hosts
- httpfs.proxyuser.#USER#.groups
Replace #USER# with the username of the proxy that can perform “doAs” operations. For the host property, you can add a list of host names as the value. For the group property, you can add a list of groups as the value. Alternatively, you can add a wildcard character (*) as the value for host and group properties. To add multiple users, copy the property and replace #USER# with the proxy user name.
Host Example
```
<property>
        <name>httpfs.proxyuser.mapr.hosts</name>
        <value>*</value>       
</property>
```
Group Example
```
<property>
        <name>httpfs.proxyuser.mapr.groups</name>
        <value>*</value>        
</property>
```
Add the following configuration properties to the core-site.xml file, and replace #USER# with the username of the proxy:
- hadoop.proxyuser.#USER#.hosts
- hadoop.proxyuser.#USER#.groups

When you add the host property, the proxy user can only connect from a host to impersonate a user. When you add the group property, the proxy user can impersonate any member of any group.

Host Example

<property>
    <name>hadoop.proxyuser.mapr.hosts</name>
    <value>*</value>
</property>

Group Example

<property>
    <name>hadoop.proxyuser.mapr.groups</name>
    <value>*</value>
</property>