0 Replies Latest reply on Jan 11, 2018 1:17 PM by scott.steesy

    Tableau SDK Extract API doesn't play nice with impersonation

    scott.steesy

      If I have a Windows process running with limited privileges, and it has a thread impersonating a user.

      That thread can initialize the SDK, but if you try to create an extract it blows up.

      Seems to be a named pipe security access or timeout exception for the DLL trying to talk to the TDEServer64.exe it uses.

      I'm guessing this is because the DLL uses the normal process start API which causes the EXE to run with the same identity as my process.

      Since they are different identities the 2 side of the pipe can't talk.

       

      I haven't checked the new Extract API 2.0, but I'm going to bet it has exactly the same problem.

       

      I see two possible ways that Tableau could use to fix the SDK:

      1) Create the pipe with rights for anyone, then both identities could use it.

      2) Start the EXE process using one of the 2 windows API process start that take a user token, so that the process will run as the same user the thread is impersonating.

       

      Anyone have any ideas to work around this problem?