flyfantasy created DRILL-5875:
---------------------------------
Summary: user mixed up problem in apache drill
Key: DRILL-5875
URL: https://issues.apache.org/jira/browse/DRILL-5875
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.11.0, 1.10.0, 1.9.0, 1.8.0
Reporter: flyfantasy
Hi guys.
we have used drill for quite a long time. We used apache-drill-1.8.0 at the
beginning and recently we upgraded to apache-drill-1.11.0. Drill is great and
now drill already have 40+ user in our company. It accelerate olap queries
quite a lot. But as the number of drill user is getting bigger and bigger, a
problem we called user mix-up is getting more and more serious.
Let me explain the problem. We are using drill with user impersonation.
Different user have different privileges. As we have many drill user, so is it
quite common two or more people are using drill at the same time. A user we
called u1 posted a query to table t1 located in hdfs which he has privilege
through drill and may get an error which tells him that he has no privilege to
the table as he was u2 ( another user). " And u2 may get a similar error with
his query. The only thing u1 can do in this situation is to exit drill and
reconnect to drill through a new session.
This problem occurs quite frequently. It occur in apache-drill-1.8.0 and also
in apache-drill-1.11.0. User get confused and maybe frustrated while data
security is under threaten.
PS: we are running drill on a 8 nodes cluster which will connect to a 100 nodes
hadoop cluster. Hadoop version is 2.6.3. Drill version is 1.11.0. Below is
drill-override.conf
drill.exec: {
cluster-id: "olap-drill",
zk.connect: "zk01:2181/olap_drill,zk02:2181/olap_drill,zk03:2181/olap_drill",
security.user.auth: { enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam"
pam_profiles: ["login", "sudo"]
},
impersonation: {
enabled: true,
max_chained_user_hops: 3
}
}
Thanks for your attention.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
