Posted to dev@drill.apache.org by "Oleksandr Kalinin (JIRA)" <ji...@apache.org> on 2018/08/20 09:12:00 UTC

[jira] [Created] (DRILL-6699) Drill client session authorization

Oleksandr Kalinin created DRILL-6699:
----------------------------------------

             Summary: Drill client session authorization
                 Key: DRILL-6699
                 URL: https://issues.apache.org/jira/browse/DRILL-6699
             Project: Apache Drill
          Issue Type: New Feature
            Reporter: Oleksandr Kalinin


Currently Drill relies on pluggable security mechanisms to perform user authentication. Any positively authenticated user will be permitted to establish a session and execute queries on the cluster. Queries will be executed on behalf of the authenticated user if impersonation is enabled. Authorization is performed at the data (FS) level.

While this model secures access to data, it doesn't secure cluster resources in some use cases, like running multiple Drill clusters within a single YARN cluster. Since YARN resources in multi-tenant environments are themselves subject to authorization, not all users who are positively authenticated are actually authorized to use the YARN resources used to run the Drill cluster.

A secondary issue is that it could also be challenging to enable impersonation with non-admin / low-privilege accounts typically used to run applications on YARN (and hence Drill on YARN clusters too).

The above issues could be addressed with the introduction of session authorization in Drill. A cluster admin could configure some simple ACLs which would define users and/or groups of users permitted to connect and use the cluster. After authentication and before finalization of client session creation, an authorization step could be added to check the authenticated user against the ACLs.

While the proposed feature is primarily aimed at the Drill on YARN use case, it could also be useful for access control on standalone clusters. Otherwise admins need to push authorization handling to pluggable security mechanisms, which is much more complex to implement than a simple ACL config, and sometimes even unfeasible.



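A sketch of the authorization step proposed in the issue above, as an added example that is not part of the original message and not Apache Drill code. The class `SessionAcl`, its method names, the sample users and groups, and the choice to deny everyone when the ACL is empty are all assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical session-authorization gate; not part of Apache Drill. */
public class SessionAcl {
    private final Set<String> allowedUsers;
    private final Set<String> allowedGroups;

    public SessionAcl(Collection<String> users, Collection<String> groups) {
        this.allowedUsers = clean(users);
        this.allowedGroups = clean(groups);
    }

    // Drop null and blank entries so a stray empty ACL line never matches anything.
    private static Set<String> clean(Collection<String> names) {
        Set<String> out = new HashSet<>();
        if (names != null) {
            for (String n : names) {
                if (n != null && !n.trim().isEmpty()) out.add(n.trim());
            }
        }
        return out;
    }

    /** Run after authentication succeeds and before the session is finalized. */
    public boolean isAuthorized(String user, Collection<String> userGroups) {
        if (user == null || user.isEmpty()) return false;        // no identity, no session
        if (allowedUsers.contains(user)) return true;            // explicit user grant
        if (userGroups == null) return false;                    // no groups resolved
        return !Collections.disjoint(allowedGroups, userGroups); // any matching group grant
    }

    public static void main(String[] args) {
        // Constructed sample ACL: one named user and one permitted group.
        SessionAcl acl = new SessionAcl(Arrays.asList("alice"), Arrays.asList("drill-analysts"));
        List<String> bobGroups = Arrays.asList("staff", "drill-analysts");
        List<String> eveGroups = Arrays.asList("staff");
        System.out.println("alice: " + acl.isAuthorized("alice", eveGroups)); // matched by user entry
        System.out.println("bob:   " + acl.isAuthorized("bob", bobGroups));   // matched by group entry
        System.out.println("eve:   " + acl.isAuthorized("eve", eveGroups));   // authenticated, not listed
        // Assumption: an empty ACL fails closed rather than admitting every authenticated user.
        System.out.println("empty: " + new SessionAcl(null, null).isAuthorized("alice", bobGroups));
    }
}
```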