Z0ltrix opened a new issue #2296: URL: https://github.com/apache/drill/issues/2296
**Is your feature request related to a problem? Please describe.** I would like to use Phoenix-Queryserver with active impersonation through jdbc storage plugin in drill. At the moment we got phoenix-queryserver to work with kerberos auth and a specific keytab for drill. Drill is configured with active impersonation, so if Bob submits a query to drill, drill impersonates Bob agains HDFS and HBase. Because of the fixed keytab and principals in jdbc string, all queries against phoenix are submitted with the user specified at the keytab. To fulfill all security requirements we need active impersonation against phoenix. **Describe the solution you'd like** I would like to specify the original username of the drill query in the connection string of the jdbc storage plugin, as it is described here: https://phoenix.apache.org/server.html#Impersonation ``` { "type": "jdbc", "driver": "org.apache.phoenix.queryserver.client.Driver", "url": "jdbc:phoenix:thin:url=http://localhost:8765?doAs=$user;serialization=PROTOBUF;authentication=SPNEGO;principal=drill/[email protected];keytab=/etc/hadoop/conf/drill.keytab";, "username": null, "password": null, "caseInsensitiveTableNames": false, "enabled": true } ``` If Bob sends a Query like `SELECT * FROM phoenix.schema.table` drill should sends the query with doAs=Bob **Describe alternatives you've considered** none **Additional context** none -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
