Security and Permissions
On this page
SQL Permissions
The Spark user must have access to the master aggregator/SingleStore cluster.
Additionally, SingleStore has a Permissions Matrix which describes the permissions required to run each command.
To perform any SQL operations through the SingleStore Spark Connector, you should have different permissions for different types of operations.ALL PRIVILEGES
permission allows you to perform any operation.
Operation |
Min. |
Alternative Permission |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
SSL Support
The SingleStore Spark Connector uses the SingleStore JDBC Driver under the hood and thus supports SSL configuration out of the box.
Ensure that your SingleStore cluster has SSL configured.
Once you have setup SSL on your server, use the following options to enable SSL:
spark.conf.set("spark.datasource.singlestore.useSSL", "true")spark.conf.set("spark.datasource.singlestore.serverSslCert", "PATH/TO/CERT")
Note: The serverSslCert
option may be server’s certificate in DER form, or the server’s CA certificate.
-
Full path to certificate:
serverSslCert=/path/to/cert.
pem -
Relative to current classpath:
serverSslCert=classpath:relative/cert.
pem -
Verbatim DER-encoded certificate string:
------BEGIN CERTIFICATE-----.
. .
Depending on your SSL configuration, set these additional options:
spark.conf.set("spark.datasource.singlestore.trustServerCertificate", "true")spark.conf.set("spark.datasource.singlestore.disableSslHostnameVerification", "true")
See The SingleStore JDBC Driver for more information.
Connect with a Kerberos-authenticated User
You can use the SingleStore Spark Connector with a Kerberized user without any additional configuration.user
option).
Here is an example of configuring the Spark connector globally with a Kerberized SingleStore user named krb_
.
spark = SparkSession.builder().config(“spark.datasource.singlestore.user”, “krb_user”).getOrCreate()
You do not need to provide a password when configuring a Spark Connector user that is Kerberized.
Authenticate via JWTs
To authenticate your connection to a SingleStore cluster using the SingleStore Spark connector with a JWT, specify the following parameters:
-
credentialType=JWT
-
password=<jwt-token>
Note
To authenticate your connection to the SingleStore cluster using JWTs, the SingleStore user must connect via SSL and use JWT for authentication.
CREATE USER 'email@example.com'@'%' IDENTIFIED WITH authentication_jwt REQUIRE SSL;
Last modified: May 3, 2023