That's in deed hard in general. Currently, Drill only supports impersonation through dfs and hive storage plugin.
On Thu, Jun 9, 2016 at 11:14 AM, John Omernik <[email protected]> wrote: > I think the original question is more about using the JDBC Storage Plugin > and connections to other sources. I know I've posted a few user posts > related to the security of storage plugins and the idea of passing > credentials to the back end was discussed. The challenge here from a > security perspective is A. Does Drill and the RDBMS share an authenticator? > (i.e. LDAP) if so, how can Drill pass a token to the backend to to ensure > end to end accountability without storing passwords. This is a non-trivial > challenge in a multi-user system. > > My "first step" approach was to Storage plugins where the ability to query > these could be set within drill (using Filesystem ACLs or other > methodologies) This could allow a drill admin to setup different plugins > with different permissions and assign users there. It defeats the "end > point" (RDBMS) accountability because unless each user got their own > plugin, there would be shared users via abit, but that's better than the > everyone can access all the storage plugins. > > This is hard in general :) > > John > > On Thu, Jun 9, 2016 at 1:02 PM, Chun Chang <[email protected]> wrote: > > > Yaxiong, > > > > If you still have questions after reading the docs provided by Neeraja, > > please let us know. I will be happy to help. > > > > Chun > > > > On Thu, Jun 9, 2016 at 10:40 AM, Neeraja Rentachintala < > > [email protected]> wrote: > > > > > Have you checked these docs. > > > https://drill.apache.org/docs/configuring-user-authentication/ > > > > > > On Thu, Jun 9, 2016 at 8:05 AM, Lin, Yaxiong <[email protected]> > > wrote: > > > > > > > Hi, > > > > > > > > I am evaluating Drills as the query service for our analytics > > > applications > > > > to access various data sources and it seems to fill the needs very > > well. > > > > However I have one concern/question that I could not find the answer > > from > > > > Drill’s website or on google. > > > > > > > > My question/concern is that from what I’ve read, the storage plugin > > > > configuration requires static user id and password set in the > > > configuration > > > > which storage plugin will use to connect to the backend data > > > > source/database. I need Drill client to pass the user id and password > > at > > > > query submission to storage plugin (e.g. RDMBS) and have storage > plugin > > > use > > > > that to connect to the back end data source/database. Obviously each > > > > client has his/her own set of user id and password for each data > > > > source/database. Is there anyway that I can achieve this? > > > > > > > > Thanks. > > > > > > > > Yaxiong Lin > > > > Mayo Clinic > > > > > > > > > >
