Enabling or disabling impersonation in Db2 Big SQL

Impersonation allows a service user to securely access data on behalf of another user.

Impersonation applies only if the following conditions are true:
  • The Db2 Big SQL service is connected to a remote Hadoop data lake, not to an object store service.
  • Ranger is not enabled.

For more information about impersonation, see Impersonation in Db2 Big SQL on CDP.

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

Enabling impersonation

To enable impersonation, complete the following steps:
  1. Log in to Red Hat® OpenShift® Container Platform as an instance administrator.
    ${OC_LOGIN}
    Remember: OC_LOGIN is an alias for the oc login command.
  2. Change to the project where the IBM® Software Hub control plane is installed:
    oc project ${PROJECT_CPD_INST_OPERANDS}
  3. Identify the Db2 Big SQL instance ID:
    oc get cm -l component=db2bigsql -o custom-columns="Instance Id:{.data.instance_id},Instance Name:{.data.instance_name},Created:{.metadata.creationTimestamp}"
  4. Get the name of the Db2 Big SQL head pod, replacing <instance_id> with the instance ID from the previous step:
    head_pod=$(oc get pod -l app=bigsql-<instance_id>,name=dashmpp-head-0 --no-headers=true -o=custom-columns=NAME:.metadata.name)
  5. Enable impersonation:
    oc exec -i $head_pod -- sudo su - db2inst1 -c "/usr/ibmpacks/current/bigsql/bigsql/bigsql-cli/bigsql-config -enableImpersonation"
  6. Update the value of bigsql.alltables.io.doAs in $BIGSQL_HOME/conf/bigsql-conf.xml from false to true by running the following command:
    oc exec -i $head_pod -- bash -c 'db2uctl adm bigsql config --key bigsql.alltables.io.doAs --value true'
  7. Restart Db2 Big SQL:
    oc exec -i $head_pod -- sudo su - db2inst1 -c "bigsql stop; bigsql start"

Disabling impersonation

To disable impersonation, complete the following steps:
  1. Log in to Red Hat OpenShift Container Platform as an instance administrator.
    ${OC_LOGIN}
    Remember: OC_LOGIN is an alias for the oc login command.
  2. Change to the project where the IBM Software Hub control plane is installed:
    oc project ${PROJECT_CPD_INST_OPERANDS}
  3. Identify the Db2 Big SQL instance ID:
    oc get cm -l component=db2bigsql -o custom-columns="Instance Id:{.data.instance_id},Instance Name:{.data.instance_name},Created:{.metadata.creationTimestamp}"
  4. Get the name of the Db2 Big SQL head pod, replacing <instance_id> with the instance ID from the previous step:
    head_pod=$(oc get pod -l app=bigsql-<instance_id>,name=dashmpp-head-0 --no-headers=true -o=custom-columns=NAME:.metadata.name)
  5. Disable impersonation:
    oc exec -i $head_pod -- sudo su - db2inst1 -c "/usr/ibmpacks/current/bigsql/bigsql/bigsql-cli/bigsql-config -disableImpersonation"
    oc exec -i $head_pod -- db2uctl adm bigsql config --key bigsql.alltables.io.doAs --value false
  6. Restart Db2 Big SQL:
    oc exec -i $head_pod -- sudo su - db2inst1 -c "bigsql stop; bigsql start"
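
Checking the result: the following is an added example, not part of the product documentation. It reads a configuration file on standard input and confirms that bigsql.alltables.io.doAs has the value you intended after either procedure. The function names, the sample file, and the assumption that bigsql-conf.xml is a Hadoop-style property file are this example's own.

```shell
# Added example; assumes bigsql-conf.xml is a Hadoop-style <property><name>/<value> file.
# get_conf_value KEY: read the XML on stdin, print KEY's value; exit 1 if absent.
get_conf_value() {
  awk -v key="$1" '
    function tag(s, t,   a, b, v) {          # text inside the first <t>..</t>
      a = index(s, "<" t ">"); if (a == 0) return ""
      v = substr(s, a + length(t) + 2)
      b = index(v, "</" t ">"); if (b == 0) return ""
      v = substr(v, 1, b - 1)
      gsub(/^[ \t\r\n]+|[ \t\r\n]+$/, "", v)  # trim surrounding whitespace
      return v
    }
    { buf = buf $0 "\n" }
    END {
      # Drop XML comments so a commented-out property is not reported.
      while ((s = index(buf, "<!--")) > 0) {
        rest = substr(buf, s + 4); e = index(rest, "-->")
        buf = substr(buf, 1, s - 1) (e ? substr(rest, e + 3) : "")
      }
      n = split(buf, props, "</property>")
      for (i = 1; i <= n; i++)               # if the key repeats, the last one is kept
        if (tag(props[i], "name") == key) { val = tag(props[i], "value"); found = 1 }
      if (!found) exit 1
      print val
    }'
}

# check_doas EXPECTED: returns 0 = matches, 1 = differs, 2 = property missing.
check_doas() {
  actual=$(get_conf_value bigsql.alltables.io.doAs) || { echo "doAs not set" >&2; return 2; }
  [ "$actual" = "$1" ] && { echo "OK: doAs=$actual"; return 0; }
  echo "MISMATCH: doAs=$actual, expected $1" >&2; return 1
}

# Constructed sample input (not taken from a real instance).
sample_conf() {
  cat <<'EOF'
<configuration>
  <property>
    <name>bigsql.alltables.io.doAs</name>
    <value> true </value>
  </property>
  <!-- <property><name>bigsql.alltables.io.doAs</name><value>false</value></property> -->
</configuration>
EOF
}

sample_conf | check_doas true
# Against a live instance (assumes $BIGSQL_HOME is set in the db2inst1 login shell):
#   oc exec -i $head_pod -- sudo su - db2inst1 -c 'cat $BIGSQL_HOME/conf/bigsql-conf.xml' | check_doas true
```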