Developing Apache Spark Applications
Also available as:

Spark SQL User Impersonation

This section provides information about Spark SQL user impersonation.

When user impersonation is enabled for Spark SQL through the Spark Thrift server, the Thrift server runs queries as the submitting user. By running queries under the user account associated with the submitter, the Thrift Server can enforce user level permissions and access control lists. This enables granular access control to Spark SQL at the level of files or tables. Associated data cached in Spark is visible only to queries from the submitting user.

Spark SQL user impersonation is supported for Apache Spark 1 versions 2.0.0 and later. To enable user impersonation, see "Enabling User Impersonation for the Spark Thrift Server" in this guide. The following paragraphs illustrate several features of user impersonation.