[FEATURE] Support User Impersonation for Kyuubi

[nqvuong1998]

Code of Conduct

• I agree to follow this project's Code of Conduct

Search before asking

• I have searched in the issues and found no similar issues.

Describe the feature

This feature controls the ability of a user to impersonate another user. In some environments it is desirable for an administrator (or managed system) to run queries on behalf of other users. In these cases, the administrator authenticates using their credentials, and then submits a query as a different user. When the user context is changed, Trino verifies that the administrator is authorized to run queries as the target user.

Motivation

Using BI tools like HUE and Superset, set up a connection URL with admin credentials. Then, enable impersonation so that the login user operates with their own permissions.

Describe the solution

Trino Impersonation rules: https://trino.io/docs/current/security/file-system-access-control.html#impersonation-rules

Additional context

No response

Are you willing to submit PR?

• Yes. I would be willing to submit a PR with guidance from the Kyuubi community to improve.
• No. I cannot submit a PR at this time.

[nqvuong1998]

cc @yaooqinn @pan3793

[pan3793]

This could not be fully implemented without hacking Spark, we recommend using the USER/CONNECTION share level on Kerberized Hadoop cluster to achieve the goal.