Hi James,

I think most companies must use impersonation to use a system like Drill because of security restrictions. My customer, for example, is not allowed to use any system which is not able to run the query as the end user at the storage system because of storing the audit log.

Impersonation in HDFS, HBase and Phoenix enables us to see the real user in Ranger Audits, and only through that feature I'm able to create complex ACLs in Ranger. We could never use, for example, a Cassandra backend with Drill because I would not be able to impersonate this :/

Nevertheless... this is not only a problem of Drill. Cassandra itself has no impersonation feature (correct me if I'm wrong), so Drill has no chance at the moment to do this. Maybe DRILL-7871 could solve this, but I'm not sure if this is the right approach... Every user has to be a Mini-Admin of the system because managing storage plugins is not suitable for every user.

Regards
Christian

------- Original Message -------
James Turton <[email protected]> wrote on Tuesday, 22 February 2022 at 08:55:

> Errata: an improvement of the working definition of impersonation inline
> below.
>
> On 2022/02/22 08:27, James Turton wrote:
>
> > Drill has supported impersonation, which I'll use here to mean any
> > mechanism by which Drill accesses an external system as the end user
> > rather than some system-wide identity to which it has access e.g. the
> > OS user, a service principal or credentials in a storage
> > configuration, env var or config file.
