drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun Chang <cch...@maprtech.com>
Subject Re: Dynamic setting of user id / password for Storage plugin
Date Thu, 09 Jun 2016 18:27:24 GMT
That's in deed hard in general. Currently, Drill only supports
impersonation through dfs and hive storage plugin.

On Thu, Jun 9, 2016 at 11:14 AM, John Omernik <john@omernik.com> wrote:

> I think the original question is more about using the JDBC Storage Plugin
> and connections to other sources. I know I've posted a few user posts
> related to the security of storage plugins and the idea of passing
> credentials to the back end was discussed. The challenge here from a
> security perspective is A. Does Drill and the RDBMS share an authenticator?
> (i.e. LDAP) if so, how can Drill pass a token to the backend to to ensure
> end to end accountability without storing passwords.  This is a non-trivial
> challenge in a multi-user system.
>
> My "first step"  approach was to Storage plugins where the ability to query
> these could be set within drill (using Filesystem ACLs or other
> methodologies) This could allow a drill admin to setup different plugins
> with different permissions and assign users there. It defeats the "end
> point" (RDBMS)  accountability because unless each user got their own
> plugin, there would be shared users via  abit, but that's better than the
> everyone can access all the storage plugins.
>
> This is hard in general :)
>
> John
>
> On Thu, Jun 9, 2016 at 1:02 PM, Chun Chang <cchang@maprtech.com> wrote:
>
> > Yaxiong,
> >
> > If you still have questions after reading the docs provided by Neeraja,
> > please let us know. I will be happy to help.
> >
> > Chun
> >
> > On Thu, Jun 9, 2016 at 10:40 AM, Neeraja Rentachintala <
> > nrentachintala@maprtech.com> wrote:
> >
> > > Have you checked these docs.
> > > https://drill.apache.org/docs/configuring-user-authentication/
> > >
> > > On Thu, Jun 9, 2016 at 8:05 AM, Lin, Yaxiong <lin.yaxiong@mayo.edu>
> > wrote:
> > >
> > > > Hi,
> > > >
> > > > I am evaluating Drills as the query service for our analytics
> > > applications
> > > > to access various data sources and it seems to fill the needs very
> > well.
> > > > However I have one concern/question that I could not find the answer
> > from
> > > > Drill’s website or on google.
> > > >
> > > > My question/concern is that from what I’ve read, the storage plugin
> > > > configuration requires static user id and password set in the
> > > configuration
> > > > which storage plugin will use to connect to the backend data
> > > > source/database. I need Drill client to pass the user id and password
> > at
> > > > query submission to storage plugin (e.g. RDMBS) and have storage
> plugin
> > > use
> > > > that to connect to the back end data source/database.  Obviously each
> > > > client has his/her own set of user id and password for each data
> > > > source/database.  Is there anyway that I can achieve this?
> > > >
> > > > Thanks.
> > > >
> > > > Yaxiong Lin
> > > > Mayo Clinic
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message