[
https://issues.apache.org/jira/browse/DRILL-5875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16251402#comment-16251402
]
Volodymyr Tkach commented on DRILL-5875:
----------------------------------------
[~flyfantasy] I tried to reproduce your case by configuring impersonation with
3 hops, then created 3 levels of views, and then sent thousands of requests from
2 users in parallel from sqlline scripts. Each of the two users queried their own
view on the third hop level, but on the first hop level they were using the
same view, which didn't belong to either of them. I didn't get any errors.
Can you please describe the steps to reproduce the bug, and also post the
detailed log?
> user mixed up problem in apache drill
> -------------------------------------
>
> Key: DRILL-5875
> URL: https://issues.apache.org/jira/browse/DRILL-5875
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.8.0, 1.9.0, 1.10.0, 1.11.0
> Reporter: flyfantasy
> Assignee: Arina Ielchiieva
>
> Hi guys.
> We have used drill for quite a long time. We used apache-drill-1.8.0 at the
> beginning and recently we upgraded to apache-drill-1.11.0. Drill is great and
> now drill already has 40+ users in our company. It accelerates olap queries
> quite a lot. But as the number of drill users is getting bigger and bigger, a
> problem we call user mix-up is getting more and more serious.
> Let me explain the problem. We are using drill with user impersonation.
> Different users have different privileges. As we have many drill users, it is
> quite common that two or more people are using drill at the same time. A user
> we call u1 posts a query to table t1, located in hdfs, to which he has
> privilege through drill, and may get an error which tells him that he has no
> privilege to the table, as if he were u2 (another user). And u2 may get a
> similar error with his query. The only thing u1 can do in this situation is
> to exit drill and reconnect to drill through a new session.
> This problem occurs quite frequently. It occurs in apache-drill-1.8.0 and
> also in apache-drill-1.11.0. Users get confused and maybe frustrated, while
> data security is under threat.
> PS: we are running drill on an 8-node cluster which connects to a 100-node
> hadoop cluster. Hadoop version is 2.6.3. Drill version is 1.11.0. Below
> is drill-override.conf:
> drill.exec: {
>   cluster-id: "olap-drill",
>   zk.connect: "zk01:2181/olap_drill,zk02:2181/olap_drill,zk03:2181/olap_drill",
>   security.user.auth: {
>     enabled: true,
>     packages += "org.apache.drill.exec.rpc.user.security",
>     impl: "pam",
>     pam_profiles: ["login", "sudo"]
>   },
>   impersonation: {
>     enabled: true,
>     max_chained_user_hops: 3
>   }
> }
> Thanks for your attention.
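A triage helper for gathering the evidence requested in the comment above, added here as an example and not part of the issue or of Drill's own code. It separates denials that name the session user or a view owner (expected with chained impersonation) from denials that name an unrelated user, which is the symptom reported. The record layout, the function names and the HDFS-style "Permission denied: user=..." wording it parses are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

# Assumed wording of an HDFS access-control denial surfaced in a query error.
DENIED = re.compile(r"Permission denied: user=(?P<user>[^,\s]+), access=(?P<access>\w+)")

def classify(session_user, view_owners, error_text):
    """Classify one failed query.

    session_user: the user who authenticated the session.
    view_owners:  owners of the views the query passes through; with chained
                  impersonation a denial naming one of them is expected.
    """
    m = DENIED.search(error_text)
    if m is None:
        return "not_a_denial"
    denied = m.group("user")
    if denied == session_user:
        return "own_denial"
    if denied in view_owners:
        return "view_owner_denial"
    return "foreign_identity"  # the mix-up symptom described in the report

def summarize(records):
    """Return (count per class, records denied under a foreign identity)."""
    counts, suspects = Counter(), []
    for rec in records:
        kind = classify(rec["session_user"], rec["view_owners"], rec["error"])
        counts[kind] += 1
        if kind == "foreign_identity":
            suspects.append(rec)
    return counts, suspects

# Constructed sample records (hypothetical layout, not taken from the issue).
INODE = 'inode="/data/t1":u1:grp:-rw-------'
SAMPLE = [
    {"session_user": "u1", "view_owners": ["etl"],
     "error": "Permission denied: user=u2, access=READ, " + INODE},
    {"session_user": "u2", "view_owners": [],
     "error": "Permission denied: user=u2, access=READ, " + INODE},
    {"session_user": "u1", "view_owners": ["etl"],
     "error": "Permission denied: user=etl, access=READ, " + INODE},
    {"session_user": "u1", "view_owners": [], "error": "query cancelled"},
]

if __name__ == "__main__":
    counts, suspects = summarize(SAMPLE)
    print(dict(counts))
    for rec in suspects:
        print("session", rec["session_user"], "denied as another user:", rec["error"])
```

Records classed as foreign_identity are the ones worth attaching to the issue together with their timestamps and session ids.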