Return-Path: <issues-return-36638-archive-asf-public=cust-asf.ponee.io@drill.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 44966200C0E
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Tue, 27 Dec 2016 13:03:00 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 4175B160B3D; Tue, 27 Dec 2016 12:03:00 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 90C0A160B31
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 27 Dec 2016 13:02:59 +0100 (CET)
Received: (qmail 69928 invoked by uid 500); 27 Dec 2016 12:02:58 -0000
Mailing-List: contact issues-help@drill.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@drill.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@drill.apache.org>
List-Post: <mailto:issues@drill.apache.org>
List-Id: <issues.drill.apache.org>
Reply-To: dev@drill.apache.org
Delivered-To: mailing list issues@drill.apache.org
Received: (qmail 69877 invoked by uid 99); 27 Dec 2016 12:02:58 -0000
Received: from arcas.apache.org (HELO arcas) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Dec 2016 12:02:58 +0000
Received: from arcas.apache.org (localhost [127.0.0.1])
	by arcas (Postfix) with ESMTP id 7BC1D2C1F5A
	for <issues@drill.apache.org>; Tue, 27 Dec 2016 12:02:58 +0000 (UTC)
Date: Tue, 27 Dec 2016 12:02:58 +0000 (UTC)
From: "Nagarajan Chinnasamy (JIRA)" <jira@apache.org>
To: issues@drill.apache.org
Message-ID: <JIRA.13028487.1481832760000.599536.1482840178504@Atlassian.JIRA>
In-Reply-To: <JIRA.13028487.1481832760000@Atlassian.JIRA>
References: <JIRA.13028487.1481832760000@Atlassian.JIRA> <JIRA.13028487.1481832760566@arcas>
Subject: [jira] [Commented] (DRILL-5132) Context based dynamic
 parameterization of views
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
archived-at: Tue, 27 Dec 2016 12:03:00 -0000


    [ https://issues.apache.org/jira/browse/DRILL-5132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15780263#comment-15780263 ] 

Nagarajan Chinnasamy commented on DRILL-5132:
---------------------------------------------

Is there anyway UDFs can Get / Set Session Options?

> Context based dynamic parameterization of views
> -----------------------------------------------
>
>                 Key: DRILL-5132
>                 URL: https://issues.apache.org/jira/browse/DRILL-5132
>             Project: Apache Drill
>          Issue Type: Wish
>          Components:  Server
>            Reporter: Nagarajan Chinnasamy
>            Priority: Critical
>              Labels: authentication, context, isolation, jdbcstorage, multi-tenancy, session-context, session-parameter
>
> *Requirement*
> Its known that Views in SQL cannot have custom dynamic parameters/variables.  Please refer to [Justin Swanhart|http://stackoverflow.com/users/679236/justin-swanhart]'s response to [this SO question|http://stackoverflow.com/questions/2281890/can-i-create-view-with-parameter-in-mysql] in handling dynamic parameterization of views. 
> [The PR #685|https://github.com/apache/drill/pull/685] [DRILL-5043|https://issues.apache.org/jira/browse/DRILL-5043?filter=-2] originated based on this requirement so that we could build views that can dynamically filter records based on some dynamic values (like current tenant-id, user role etc.) 
> *Since Drill's basic unit is a View... having such built-in support can bring in dynamism into the whole game.*
> This feature can be utilized for:
> * *Data Isolation in Shared Multi-Tenant environments* based on Custom Tenant Discriminator Column
> * *Data Protection in building Chained Views* with Custom Dynamic Filters
> To explain this further, If we assume that:
> # As and when the user connection is established, we populate session context with session  parameters such as:
> #* Tenant ID of the currently logged in user
> #* Roles of the currently logged in user
> # We expose the session context information through context-based-functions such as:
> #* *session_id* -- that returns unique id of the session
> #* *session_parameter('<parameter-name>')* - that returns the value of the session parameter
> then a view created with the following kind of query:
> {code}
> create or replace view dynamic_filter_view as select
>    a.field as a_field
>    b.field as b_field
> from
>    a_table as a
> left join
>    b_table as b
> on
>    a.bId = b.Id
> where
>    session_parameter('tenantId')=a.tenantId
> {code}
> becomes a query that has built-in support for dynamic parameterization that only returns records of the tenant of the currently logged in user. This is a very useful feature in a shared-multi-tenant environment where data is isolated using multi-tenant-descriminator column 'tenantId'.
> When building chained views this feature will be useful in filtering records based on context based parameters.
> This feature will particularly be useful for data isolation / data protection with *jdbc storage plugins* where drill-authenticated-credentials are not passed to jdbc connection authentication. A jdbc storage  has hard-coded, shared credentials. Hence the the responsibility of data isolation / data protection lies with Views themselves. Hence, the need for built-in support of context based dynamic parameters in Views.
> *Design/Implementation Considerations:*
> * Session parameters can be obtained through authenticators so that custom authenticators can return a HashMap of parameters obtained from external systems.
> * Introduce SessionContext to hold sessionId and sessionParameters
> * Implement context based functions session_id and session_parameter()



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)