A distributed computing system can provide various services such as distributed data processing services, distributed file storage services, distributed database services, or distributed messaging services. For example, a distributed computing system based on Apache® Hadoop® technology can include a Hadoop Distributed File System (HDFS) component that provides file storage service, a Hive™ component that provides data warehouse service, and a Spark™ component that provides data processing service. In the system, service-specific system accounts, such as hdfs, hive and spark, sometimes referred to as service accounts, may be used to access data of the respective services. Multiple application programs can use the service accounts to access the data. Multiple end users may use the application programs. The end users may be trusted by the distributed computing system or they may come from non-trusted data sources like enterprises, homes, other clouds, etc.
In conventional technology, mapping the end user accounts to the service account can be achieved in a static manner. For example, a conventional system can achieve the mapping at system level, where the mapping is built into the distributed computing system. A conventional system can achieve the mapping at application level, where the mapping is built into each application program.