drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vitalii Diravka <vita...@apache.org>
Subject [DISCUSSION] Roles and Privileges, Security, Secrets
Date Wed, 20 Jan 2021 23:33:28 GMT
Hi Dev and User,

Drill has a very important feature - Roles and Privileges [1], but it has
really weak functionality. There are only two roles (admin and user) and
admin can't really give any user permissions to set query options for all
their sessions or to allow configure storage plugin in other manner, etc.

I think it is necessary to make this functionality broader: introduce a
middle layer user-system options, the ability to change some configs of
Storage Plugins for users, possibly permission for UDF creation etc. The
main thing that this functionality requires good support for management of
users and their secrets (credentials).

There is a very good tool  - Hashicorp Vault [2], which can provide Drill a
mechanism to store secrets in a safe manner, to deliver the secrets via
tokens mechanism to the proper users and it can be integrated with Kerberos
and Spnego.

What do you think? Can we integrate Drill with Vault or no, what additional
pros and cons of this decision? If it is a good decision I can start
preparing design for this functionality

[1] https://drill.apache.org/docs/roles-and-privileges/
[2] https://www.vaultproject.io/

Kind regards

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message