You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "Keys Botzum (JIRA)" <ji...@apache.org> on 2016/01/18 19:51:39 UTC
[jira] [Created] (DRILL-4281) Drill should support inbound
impersonation
Keys Botzum created DRILL-4281:
----------------------------------
Summary: Drill should support inbound impersonation
Key: DRILL-4281
URL: https://issues.apache.org/jira/browse/DRILL-4281
Project: Apache Drill
Issue Type: Improvement
Reporter: Keys Botzum
Today Drill supports impersonation *to* external sources. For example I can authenticate to Drill as myself and then Drill will access HDFS using impersonation
In many scenarios we also need impersonation to Drill. For example I might use some front end tool (such as Tableau) and authenticate to it as myself. That tool (server version) then needs to access Drill to perform queries and I want those queries to run as myself, not as the Tableau user. While in theory the intermediate tool could store the userid & password for every user to the Drill this isn't a scalable or very secure solution.
Note that HS2 today does support inbound impersonation as described here: https://issues.apache.org/jira/browse/HIVE-5155
The above is not the best approach as it is tied to the connection object which is very coarse grained and potentially expensive. It would be better if there was a call on the ODBC/JDBC driver to switch the identity on a existing connection. Most modern SQL databases (Oracle, DB2) support such function.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)