[
https://issues.apache.org/jira/browse/DRILL-5875?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arina Ielchiieva resolved DRILL-5875.
-------------------------------------
Resolution: Cannot Reproduce
Please re-open with detailed steps to reproduce if issue appears again.
> user mixed up problem in apache drill
> -------------------------------------
>
> Key: DRILL-5875
> URL: https://issues.apache.org/jira/browse/DRILL-5875
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.8.0, 1.9.0, 1.10.0, 1.11.0
> Reporter: flyfantasy
> Assignee: Volodymyr Tkach
>
> Hi guys.
> we have used drill for quite a long time. We used apache-drill-1.8.0 at the
> beginning and recently we upgraded to apache-drill-1.11.0. Drill is great and
> now drill already have 40+ user in our company. It accelerate olap queries
> quite a lot. But as the number of drill user is getting bigger and bigger, a
> problem we called user mix-up is getting more and more serious.
> Let me explain the problem. We are using drill with user impersonation.
> Different user have different privileges. As we have many drill user, so is
> it quite common two or more people are using drill at the same time. A user
> we called u1 posted a query to table t1 located in hdfs which he has
> privilege through drill and may get an error which tells him that he has no
> privilege to the table as he was u2 ( another user). " And u2 may get a
> similar error with his query. The only thing u1 can do in this situation is
> to exit drill and reconnect to drill through a new session.
> This problem occurs quite frequently. It occur in apache-drill-1.8.0 and
> also in apache-drill-1.11.0. User get confused and maybe frustrated while
> data security is under threaten.
> PS: we are running drill on a 8 nodes cluster which will connect to a 100
> nodes hadoop cluster. Hadoop version is 2.6.3. Drill version is 1.11.0. Below
> is drill-override.conf
> drill.exec: {
> cluster-id: "olap-drill",
> zk.connect:
> "zk01:2181/olap_drill,zk02:2181/olap_drill,zk03:2181/olap_drill",
> security.user.auth: { enabled: true,
> packages += "org.apache.drill.exec.rpc.user.security",
> impl: "pam"
> pam_profiles: ["login", "sudo"]
> },
> impersonation: {
> enabled: true,
> max_chained_user_hops: 3
> }
> }
> Thanks for your attention.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
