[ 
https://issues.apache.org/jira/browse/DRILL-7871?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17386560#comment-17386560
 ] 

ASF GitHub Bot commented on DRILL-7871:
---------------------------------------

paul-rogers edited a comment on pull request #2251:
URL: https://github.com/apache/drill/pull/2251#issuecomment-885898568


   @vdiravka, on the plugins side, I think the confusion over "user" and 
"tenant" has us talking about different designs. Again, let's discuss per-user 
and per-tenant designs. Tell me which you are trying to build.
   
   Clarifying the desired tenant model may help with the options discussion. 
I've been equating "user" with "person". If your tenant model equates "user" 
with "tenant", you are actually trying to define per-tenant defaults. Perhaps 
update the docs to clearly say so. Let's use the term "tenant" for a business 
entity and "user" for a human, perhaps within that tenant.
   
   ## Per-User Plugin Configs
   
   The goal here is to allow users (humans) to create their own private plugin 
configs. Since the users work in a common organization, users may wish to share 
configs without copy/paste reuse.
   
   Requirements for this case:
   
   * Provide a bootstrap option to enable the new semantics. The default is 
off, meaning that Drill behavior will not change by default.
   * Retain global plugin configurations. (They allow multiple users to share 
the same configuration without copy/paste.)
   * Add per-user plugin configurations.
   * Users can add and change only their own per-user configurations. (No user 
can "share" a config with another user: either the config must be copied to a 
global config by the admin, or the second user must make their own copy.)
   * If a user configuration happens to have the same name as a global 
configuration, the per-user configuration takes precedence. (If the admin makes 
a global version of a now-shared config, the user must delete his own copy in 
order to use the now-shared version.)
   * No non-admin user can see or change the configuration for another user. 
(That is, if two people work in the same group, and want to share a config, 
they must do so via copy/paste, or by asking the admin to make the plugin 
global to all users.)
   * No non-admin user can change a global configuration.
   * The admin user can see, add, modify or delete *any* plugin configuration, 
both global and per-user. (Without this, the system is not maintainable as the 
admin won't be able to manage per-user configurations.)
   
   ## Per-Tenant Plugin Configs
   
   The other way to read your comments is that you want plugin configs per 
*tenant* (business entity). In this case, as we said earlier, Tenant A should 
not know that there is a Tenant B on the same cluster. There is likely no 
shared storage or configs between tenants. The only exception would be 
system-level configs offered by the organization that owns the Drill cluster, 
such as the system tables. Maybe some demo data.
   
   Requirements in this case:
   
   * Provide a bootstrap option to enable multi-tenant support. The default is 
off, meaning that Drill behavior will not change by default.
   * A set of global plugin configurations is provided by, and can only be 
changed by, the server admin (as defined in the earlier note.) If no global 
plugins are to be provided, then delete all global plugin configs.
   * The system table is not controlled by a plugin config. If tenants are to 
be prohibited from using system tables, provide an option to disable system 
tables. (Or, per a later note, ensure that system tables do not leak tenant 
information.)
   * Tenants see only their own configs. To the tenant, the per-tenant configs 
*are* the plugin configs.
   * UI and API operations that operate on configs, when run in multi-tenant 
mode, implicitly apply to the set only for that one tenant. That is, there is 
no new UI or API; the existing operations simply change meaning to apply to 
only the active tenant.
   * Every user (except the server admin) is associated with a tenant. If the 
user has permission to modify plugins, then all changes apply to only that one 
tenant. (Possible refinement: only the tenant admin, as defined earlier, can 
change tenant plugin configs.)
   * A tenant may (may not?) have multiple users. All tenant users see the same 
set of tenant plugins. There are no "per-user" plugins, only per-tenant plugins.
   * Tenants can add and change only their own per-tenant configurations. No 
tenant can "share" a config with another tenant.
   * If a tenant configuration happens to have the same name as a global 
configuration, the per-tenant configuration takes precedence.
   * No tenant can change a global configuration.
   * The server admin user can see, add, modify or delete *any* plugin 
configuration, both global and per-tenant. (Without this, the system is not 
maintainable as the admin won't be able to manage per-tenant configurations.)
   




> StoragePluginStore instances for different users
> ------------------------------------------------
>
>                 Key: DRILL-7871
>                 URL: https://issues.apache.org/jira/browse/DRILL-7871
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components: Security
>    Affects Versions: 1.18.0
>            Reporter: Vitalii Diravka
>            Assignee: Vitalii Diravka
>            Priority: Major
>
> Different users should have their own storage plugin configs to have access 
> to their own storages only. The feature can be based on the Drill User 
> Impersonation model.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
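
The per-user and per-tenant requirement lists in the comment above describe the same access model: each config lives in a scope, a scoped config shadows a global one of the same name, and only the admin crosses scopes. The sketch below is an added example, not code from the pull request or from Drill; `Principal`, `PluginStore`, `GLOBAL` and the sample configs are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass

GLOBAL = "*global*"  # scope key for admin-owned shared configs (name chosen for this sketch)

@dataclass(frozen=True)
class Principal:
    name: str
    scope: str  # own user name (per-user mode) or tenant id (per-tenant mode)
    is_admin: bool = False

class PluginStore:
    """Hypothetical model of the scoping rules; not Drill's StoragePluginStore."""

    def __init__(self):
        self._configs = {}  # (scope, plugin name) -> config dict

    def _authorize_write(self, who, scope):
        if who.is_admin:
            return  # the admin may manage global and every scoped config
        if scope == GLOBAL:
            raise PermissionError(f"{who.name} may not change a global config")
        if scope != who.scope:
            raise PermissionError(f"{who.name} may not touch scope {scope!r}")

    def put(self, who, scope, name, config):
        self._authorize_write(who, scope)
        self._configs[(scope, name)] = dict(config)

    def delete(self, who, scope, name):
        self._authorize_write(who, scope)
        self._configs.pop((scope, name), None)

    def resolve(self, who, name):
        # The caller's own scope is consulted first, so it shadows a global
        # config of the same name; other scopes are never consulted.
        for scope in (who.scope, GLOBAL):
            if (scope, name) in self._configs:
                return self._configs[(scope, name)]
        raise KeyError(name)

    def visible(self, who):
        # (scope, name) pairs `who` may see; the admin sees every entry.
        if who.is_admin:
            return sorted(self._configs)
        seen = {n: s for (s, n) in self._configs if s == GLOBAL}
        seen.update({n: s for (s, n) in self._configs if s == who.scope})
        return sorted((s, n) for n, s in seen.items())
```

In per-tenant mode every user of a tenant carries the same `scope`, so they resolve and list the same set of configs.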
