You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@drill.apache.org by "Oleksandr Kalinin (JIRA)" <ji...@apache.org> on 2018/08/20 09:12:00 UTC
[jira] [Created] (DRILL-6699) Drill client session authorization
Oleksandr Kalinin created DRILL-6699:
----------------------------------------
Summary: Drill client session authorization
Key: DRILL-6699
URL: https://issues.apache.org/jira/browse/DRILL-6699
Project: Apache Drill
Issue Type: New Feature
Reporter: Oleksandr Kalinin
Currently Drill relies on pluggable security mechanisms to perform user authentication. Any positively authenticated user will be permitted to establish a session and execute queries on the cluster. Queries will be executed on behalf of authenticated user if impersonation is enabled. Authorization is performed at data (FS) level.
While this model secures access to data, it doesn't secure cluster resources in some uses cases like running multiple Drill clusters within single YARN cluster. Since YARN resources in multi-tenant environments are subject to authorization itself, not all users who are positively authenticated are actually authorized to use YARN resources used to run Drill cluster.
Secondary issue is that it could also be challenging to enable impersonation with non-admin / low-privilege accounts typically used to run applications on YARN (and hence Drill on YARN clusters too).
Above issues could be addressed with introduction of session authorization in Drill. Cluster admin could configure some simple ACLs which would define users and/or groups of users permitted to connect and use the cluster. After authentication and before finalization of client session creation authorization step could be added to check authenticated user against ACLs.
While proposed feature is primarily aimed at Drill on YARN use case, it could also be useful for access control on standalone clusters. Otherwise admins need to push authorization handling to pluggable security mechanisms which is much more complex to implement than simple ACL config, and sometimes even unfeasible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)