Re: tmp noexec

Good idea. I should have thought of that :) -- Jacques Nadeau CTO and Co-Founder, Dremio On Fri, Jul 29, 2016 at 10:12 AM, scott wrote: > Thanks Jacques. I think I have solved my immediate problem. I added > -Djava.io.tmpdir=/newtmp to the DRILL_JAVA_OPTS variable in

Connecting Drill to Azure Data Lake

Hi Drill Community, Has anyone attempted to connect Drill to the Azure Data Lake? Microsoft has implemented a WebHDFS API over Azure Data Lake, so Drill should be able to connect. I'm guessing this will be similar to s3. My initial attempts have failed, does anyone have any ideas or experience

Re: Per user authorization

No disagreement that for storage systems that lack the needed inbound impersonation that Drill might need to support other approaches such as managing per user credentials per storage system. I just wanted to make clear that Drill does provide for excellent authorization for storage systems

Re: Per user authorization

Hi Keys, S3 is a good example the authentication process could return a profile that includes the S3 access credentials for this user. Another example would be a mechanism such as Tableau's Web Data Connector. Supporting that sort of capability would really open up the community to write plugin's

Re: tmp noexec

Thanks Jacques. I think I have solved my immediate problem. I added -Djava.io.tmpdir=/newtmp to the DRILL_JAVA_OPTS variable in drill-env.sh. I am now able to start drillbit without error. Scott On Fri, Jul 29, 2016 at 4:29 PM, Jacques Nadeau wrote: > Unfortunately, the

Re: tmp noexec

Unfortunately, the issue is underlying libraries tendancy to extract native libraries into tmp. For most individual libraries, there are system properties you can set to change but there is no global option. I'm guessing that you might have one more after this one: Snappy. For Snappy, the info for

Re: Per user authorization

Yep, I know I've had conversations with Neeraja over that, while some JDBC databases do support it, it would have to be implemented in Drill to pass that information through to JDBC, thus work still needs to be done. The nice thing with Drill, is there are options, in how to implement these

Re: Per user authorization

I can't speak to the capabilities of MongoDB and S3 but most relational databases (Oracle and DB2 for certain and I think SQLServer) support impersonation over JDBC. I even wrote a paper on this: http://www.ibm.com/developerworks/websphere/techjournal/0506_barghouthi/0506_barghouthi.html That

Re: Per user authorization

Keys - Thanks for the information, however, to Steve's question, there is no way to secure the storage plugin itself, and thus any credentials to systems downstream that require credentials (MongoDB, S3, JDBC, etc) can not be secured. There is only one user that has access to those downstream

Re: Per user authorization

Drill does use HDFS/Mapr-FS impersonation to push identity down to the underlying storage system - HDFS, MapR-FS, MapR-DB. Once that is done the underlying storage system can then perform authorization. This is a robust model that is advantageous as it ensures that data is protected the same

Re: Per user authorization

Good question Steve. I know I've posted some items related to securing of storage plugins. Perhaps not using Drill itself to secure this, but instead using a file directory and thus using filesystem permissions to store the definitions and secure them. (The alternative is to add a znode with unix

Per user authorization

With Drill I can authenticate a user and distinguish between ADMIN and USER. However, there doesn't seem to be much (any) in the way of per user authorizations beyond that. Example uses being: 1) Allowing for per user AWS credentials. 2) Returning a token or other profile information from the

concurrent get connection in different node

We are running query concurrently and get connection through jdbc. We found that the querys are not distributed equally in the cluster. That is some nodes have more querys while others are less. This will cause query running slow at the busy node. Does there have any way to let the query