drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nagarajan Chinnasamy (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5132) Context based dynamic parameterization of views
Date Sat, 17 Dec 2016 13:44:59 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15757059#comment-15757059
] 

Nagarajan Chinnasamy commented on DRILL-5132:
---------------------------------------------

Some of the thoughts on design considerations:

# authenticator must be given a chance to populate context values
#* Generally context values are loaded immediately after (or as the part of) authentication
process
#* Custom authenticators can load custom context values as a result of authentication process
# If custom authenticators can add values to context, then we need to have a mechanism to
make the context variables to be unique so that they don't clash with pre-defined system context
variables
# Revise the design of "context" class so that it can hold both system defined and custom
defined variables.
# Change [DRILL-4956|https://issues.apache.org/jira/browse/DRILL-4956] and [DRILL-5043|https://issues.apache.org/jira/browse/DRILL-5043]
that assume that UserSession is the place to generate session id (which is very much one of
the context values) to accommodate externally generated session_id.
#* *session_id* can be provided by an external authenticator. Accommodating externally generated
session_id (with unique prefix) will help better co-ordination with external systems that
provide custom authentication and  context values.

> Context based dynamic parameterization of views
> -----------------------------------------------
>
>                 Key: DRILL-5132
>                 URL: https://issues.apache.org/jira/browse/DRILL-5132
>             Project: Apache Drill
>          Issue Type: Wish
>          Components:  Server
>            Reporter: Nagarajan Chinnasamy
>            Priority: Critical
>              Labels: authentication, context, isolation, jdbcstorage, multi-tenancy
>
> Its known that Views in SQL cannot have dynamic parameters/variables.  Please refer to
[Justin Swanhart|http://stackoverflow.com/users/679236/justin-swanhart]'s response to [this
SO question|http://stackoverflow.com/questions/2281890/can-i-create-view-with-parameter-in-mysql]
in handling dynamic parameterization of views. 
> [The PR #685|https://github.com/apache/drill/pull/685] [DRILL-5043|https://issues.apache.org/jira/browse/DRILL-5043?filter=-2]
originated based on this requirement so that we could build views that can dynamically filter
records based on some dynamic values (like current tenant-id, user role etc.) 
> *Since Drill's basic unit is a View... having such built-in support can bring in dynamism
into the whole game.*
> This feature can be utilized for:
> * *Data Isolation in Shared Multi-Tenant environments* based on Custom Tenant Discriminator
Column
> * *Data Protection in building Chained Views* with Custom Dynamic Filters
> I will post further design details in the comments....



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message