drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keys Botzum (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-4281) Drill should support inbound impersonation
Date Mon, 18 Jan 2016 18:51:39 GMT
Keys Botzum created DRILL-4281:

             Summary: Drill should support inbound impersonation
                 Key: DRILL-4281
                 URL: https://issues.apache.org/jira/browse/DRILL-4281
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: Keys Botzum

Today Drill supports impersonation *to* external sources. For example I can authenticate to
Drill as myself and then Drill will access HDFS using impersonation

In many scenarios we also need impersonation to Drill. For example I might use some front
end tool (such as Tableau) and authenticate to it as myself. That tool (server version) then
needs to access Drill to perform queries and I want those queries to run as myself, not as
the Tableau user. While in theory the intermediate tool could store the userid & password
for every user to the Drill this isn't a scalable or very secure solution.

Note that HS2 today does support inbound impersonation as described here:  https://issues.apache.org/jira/browse/HIVE-5155

The above is not the best approach as it is tied to the connection object which is very coarse
grained and potentially expensive. It would be better if there was a call on the ODBC/JDBC
driver to switch the identity on a existing connection. Most modern SQL databases (Oracle,
DB2) support such function.

This message was sent by Atlassian JIRA

View raw message