Our MapR usage involves creating less privileged user (having only login and cv acl) and then this user (and its credentials) are used to push data into MapR streams, submit spark jobs, execute rest api and running drill queries.
We currently are using this users' user ticket (created via maprlogin password command) on client machine to authenticate for pushing data into streams. Since this user ticket does not live long (expires within 2 weeks), we are re-generating this ticket before it expires (programmatically) on client machine.
1. Since this user does not have 'fc' acl, we can not create service ticket for this user. We are thinking of creating service ticket of this user via logging in as mapr user (mapr user has fc). Wanted to confirm that when client machine will use this ticket to authenticate to MapR cluster, it will get authorisation and privileges of this user only and not of MapR user.
2. Do service ticket (after authentication) give authorisation and privileges of the user by which service ticket was created after successful login ?