The operating system user that starts Datameer is the user logged that runs all the different tasks within Datameer, no matter which user is signed into Datameer. The impersonation feature allows the Datameer administrator to let the Datameer users appear to be running the tasks, and data is previewed by the logged in user from HDFS sources.

Prerequisites

The follow prerequisites are required to enable simple impersonation within Datameer.

The Datameer users must also be operating system users. The user names needed to be mapped 1:1.
All of the operating system users must be located within a common group.
The user running Datameer must be a superuser of HDFS. For more information, refer to the Apache Hadoop documentation.

Simple impersonation isn't supported by the Spark execution frameworks.

Configuring Simple Impersonation

Follow the steps to configure simple impersonation in Datameer:

Log into Datameer as an administrator.
Click on the Admin tab.
Select Hadoop Cluster from the side menu.
Click Edit to adjust the Hadoop cluster configurations.
Select Enable Impersonation under Storage Settings.
Click Save.

Running the Simple Impersonation Tool to Migrate Permissions on Existing Objects (Optional)

Datameer packages a tool located in the /bin/ folder named unsecure_hdfs_tool.sh

The user running Datameer must be a superuser of HDFS.

Follow the steps to begin running simple impersonation on Datameer:

Stop Datameer.

Run the following command:

bin/unsecure_*.sh -u -g <Operating system group name with Datameer users>

Start Datameer.

Simple Impersonation on MapR

Additional steps for those running MapR to enable simple impersonation:

Create a file (local file system) /opt/mapr/conf/proxy/mapr as user root .
```
touch /opt/mapr/conf/proxy/mapr
```
Add a environment variable _ MAPR_IMPERSONATION_ENABLED="true". In this case, a new line in the file _etc/das-env.sh.
```
export  MAPR_IMPERSONATION_ENABLED="true"
```

Add the configuration in core-site.xml.

<property>
  <name>hadoop.proxyuser.mapr.groups</name>
  <value>*</value>
</property>

<property>
  <name>hadoop.proxyuser.mapr.hosts</name>
  <value>*</value>
</property>

<property>
  <name>hadoop.proxyuser.root.groups</name>
  <value>*</value>
</property>

<property>
  <name>hadoop.proxyuser.root.hosts</name>
  <value>*</value>
</property>

Expected Impersonation Behaviors

Refer to the following table to understand how simple impersonation affects the ownership of import jobs, file uploads, data links, workbooks, and export jobs. Note that the group permissions apply to the artifact, not the folders the artifacts are in.

Scenario	Owner in HDFS	Group in HDFS	Permissions for owner in HDFS	Permissions for group in HDFS	Owner of YARN application (when job is triggered manually)	Owner of YARN application (when job is triggered by schedule)	Preview data accessed as
Creating an artifact	Creator	Group selected, if none selected, the default Datameer group	Read and write	Only read	n/a	n/a	n/a
Running a job	Creator	n/a	Read and write	Only read	Creator	Creator	Logged in user
Generating preview data	Creator	Group selected, if none selected, the default Datameer group	Read and write	Only read	Creator	Creator	Logged in user
Saving edited artifact (not as creator)	Creator	Group selected, if none selected, the default Datameer group	Read and write	Only read	Creator	Creator	Logged in user
Updating permissions	Creator	Newly selected group	Read and write	Newly selected group and read permission only	Creator	Creator	Logged in user

Browser not supported