I think the original question is more about using the JDBC Storage Plugin and connections to other sources. I know I've posted a few user posts related to the security of storage plugins and the idea of passing credentials to the back end was discussed. The challenge here from a security perspective is A. Does Drill and the RDBMS share an authenticator? (i.e. LDAP) if so, how can Drill pass a token to the backend to to ensure end to end accountability without storing passwords. This is a non-trivial challenge in a multi-user system.
My "first step" approach was to Storage plugins where the ability to query these could be set within drill (using Filesystem ACLs or other methodologies) This could allow a drill admin to setup different plugins with different permissions and assign users there. It defeats the "end point" (RDBMS) accountability because unless each user got their own plugin, there would be shared users via abit, but that's better than the everyone can access all the storage plugins. This is hard in general :) John On Thu, Jun 9, 2016 at 1:02 PM, Chun Chang <[email protected]> wrote: > Yaxiong, > > If you still have questions after reading the docs provided by Neeraja, > please let us know. I will be happy to help. > > Chun > > On Thu, Jun 9, 2016 at 10:40 AM, Neeraja Rentachintala < > [email protected]> wrote: > > > Have you checked these docs. > > https://drill.apache.org/docs/configuring-user-authentication/ > > > > On Thu, Jun 9, 2016 at 8:05 AM, Lin, Yaxiong <[email protected]> > wrote: > > > > > Hi, > > > > > > I am evaluating Drills as the query service for our analytics > > applications > > > to access various data sources and it seems to fill the needs very > well. > > > However I have one concern/question that I could not find the answer > from > > > Drill’s website or on google. > > > > > > My question/concern is that from what I’ve read, the storage plugin > > > configuration requires static user id and password set in the > > configuration > > > which storage plugin will use to connect to the backend data > > > source/database. I need Drill client to pass the user id and password > at > > > query submission to storage plugin (e.g. RDMBS) and have storage plugin > > use > > > that to connect to the back end data source/database. Obviously each > > > client has his/her own set of user id and password for each data > > > source/database. Is there anyway that I can achieve this? > > > > > > Thanks. > > > > > > Yaxiong Lin > > > Mayo Clinic > > > > > >
