You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@drill.apache.org by "Keys Botzum (JIRA)" <ji...@apache.org> on 2016/01/18 19:51:39 UTC

[jira] [Created] (DRILL-4281) Drill should support inbound impersonation

Keys Botzum created DRILL-4281:
----------------------------------

             Summary: Drill should support inbound impersonation
                 Key: DRILL-4281
                 URL: https://issues.apache.org/jira/browse/DRILL-4281
             Project: Apache Drill
          Issue Type: Improvement
            Reporter: Keys Botzum


Today Drill supports impersonation *to* external sources. For example I can authenticate to Drill as myself and then Drill will access HDFS using impersonation

In many scenarios we also need impersonation to Drill. For example I might use some front end tool (such as Tableau) and authenticate to it as myself. That tool (server version) then needs to access Drill to perform queries and I want those queries to run as myself, not as the Tableau user. While in theory the intermediate tool could store the userid & password for every user to the Drill this isn't a scalable or very secure solution.

Note that HS2 today does support inbound impersonation as described here:  https://issues.apache.org/jira/browse/HIVE-5155 

The above is not the best approach as it is tied to the connection object which is very coarse grained and potentially expensive. It would be better if there was a call on the ODBC/JDBC driver to switch the identity on a existing connection. Most modern SQL databases (Oracle, DB2) support such function.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)