
Defining the list of users allowed to run tasks as different users

To control which operating system users can be impersonated during Job execution, use the RUN_AS_ALLOWLIST parameter. This allowlist restricts Talend JobServer to only impersonate users explicitly listed in the configuration.

About this task

When a Job execution request specifies an operating system user to impersonate:

  • If the user is in the allowlist: Talend JobServer creates a process on behalf of that user and executes the Job under that user's operating system privileges.
  • If the user is not in the allowlist: Talend JobServer rejects the execution request and fails with an authorization error.

This mechanism prevents unauthorized or malicious requests from attempting to execute Jobs as privileged operating system users (such as root or other system accounts).

Tip:

If the allowlist is empty, only Job executions without impersonation work normally. Any attempt to impersonate a user is rejected. If you set RUN_AS_ALLOWLIST=anybody, any operating system user can be impersonated.

Procedure

  1. Open the <jobserver_path>/conf/TalendJobServer.properties file.
  2. Edit the org.talend.remote.jobserver.server.TalendJobServer.RUN_AS_ALLOWLIST value and add all the users you need.

    Commas are valid separators for username values. Use the following format:

    # Allow specified OS users (comma-separated) to be impersonated during Job execution
    # Wildcards are supported (e.g., prod*, staging_user*)
    # Example: allow jobuser1, jobuser2, this.super-user, and any user starting with "prod"
    org.talend.remote.jobserver.server.TalendJobServer.RUN_AS_ALLOWLIST=jobuser1,jobuser2,this.super-user,prod*
  3. Restart Talend JobServer for the changes to take effect.
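
A check to run on the edited file before restarting, as an added example that is not part of the Talend product or its documentation: it parses the properties text and flags `anybody`, an empty list, and patterns that would also match privileged accounts. The `PRIVILEGED` list, the function names, handling only `key=value` lines, and glob-style matching of `*` are assumptions.

```python
import fnmatch

KEY = "org.talend.remote.jobserver.server.TalendJobServer.RUN_AS_ALLOWLIST"
# Assumption: accounts this site never wants impersonated; adjust locally.
PRIVILEGED = ("root", "Administrator", "SYSTEM")

def read_allowlist(text):
    """Return the allowlist entries from properties text, or None if the key is absent."""
    entries = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or properties comment
        name, sep, value = line.partition("=")
        if sep and name.strip() == KEY:
            # A later duplicate key overrides an earlier one.
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def review(entries):
    """Return (entry, finding) pairs for entries that deserve a second look."""
    if entries is None:
        return [("", "RUN_AS_ALLOWLIST key not found in the file")]
    if not entries:
        return [("", "allowlist is empty: impersonation requests are rejected")]
    findings = []
    for e in entries:
        if e == "anybody":
            findings.append((e, "any operating system user can be impersonated"))
            continue
        # Assumption: '*' behaves like a shell glob, as in the prod* example.
        hit = [u for u in PRIVILEGED if fnmatch.fnmatchcase(u, e)]
        if hit:
            findings.append((e, "matches privileged account(s): " + ", ".join(hit)))
        elif "*" in e and len(e.replace("*", "")) < 3:
            findings.append((e, "very broad wildcard"))
    return findings

# Constructed sample input, not a real configuration.
SAMPLE = """\
# Allow specified OS users
org.talend.remote.jobserver.server.TalendJobServer.RUN_AS_ALLOWLIST=jobuser1,prod*,r*,anybody
"""

if __name__ == "__main__":
    for entry, finding in review(read_allowlist(SAMPLE)):
        print(f"{entry or '(none)'}: {finding}")
```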

What to do next

Enable audit logging (see Setting up monitoring and auditing systems for Talend JobServer) to track which users are being impersonated and by whom. This provides visibility for security monitoring and compliance.
