drill-user mailing list archives

From Ted Dunning <ted.dunn...@gmail.com>
Subject Re: [DISCUSSION] Roles and Privileges, Security, Secrets
Date Thu, 21 Jan 2021 00:38:53 GMT
I think that pushing too much of this kind of authentication and
authorization logic into Drill has a large complexity risk. Anything to do
with Kerberos magnifies that complexity.

I also think that it is a mistake to depend on user identity if
authorization tokens are likely to need to be embedded in scripts and such.
Identity that is inherited can work that way, but identity that has to be
given to a script should use an alternative intended for workload
authorization such as SPIFFE.

Is there a reason that most or all of this couldn't be handled by storing
the configuration in files? That would allow file permissions to naturally
allow or disallow these operations.

Also, what are the specific goals here?

On Wed, Jan 20, 2021 at 3:34 PM Vitalii Diravka <vitalii@apache.org> wrote:

> Hi Dev and User,
> Drill has a very important feature - Roles and Privileges [1], but it has
> really weak functionality. There are only two roles (admin and user) and
> admin can't really give any user permissions to set query options for all
> their sessions or to allow configuring a storage plugin in another manner, etc.
> I think it is necessary to make this functionality broader: introduce a
> middle layer user-system options, the ability to change some configs of
> Storage Plugins for users, possibly permission for UDF creation etc. The
> main thing is that this functionality requires good support for management of
> users and their secrets (credentials).
> There is a very good tool - HashiCorp Vault [2], which can provide Drill a
> mechanism to store secrets in a safe manner, to deliver the secrets via
> a token mechanism to the proper users and it can be integrated with Kerberos
> and SPNEGO.
> What do you think? Can we integrate Drill with Vault or not? What are the additional
> pros and cons of this decision? If it is a good decision I can start
> preparing a design for this functionality.
> [1] https://drill.apache.org/docs/roles-and-privileges/
> [2] https://www.vaultproject.io/
> Kind regards
> Vitalii
