Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Today Drill supports impersonation to external sources. For example I can authenticate to Drill as myself and then Drill will access HDFS using impersonation
In many scenarios we also need impersonation to Drill. For example I might use some front end tool (such as Tableau) and authenticate to it as myself. That tool (server version) then needs to access Drill to perform queries and I want those queries to run as myself, not as the Tableau user. While in theory the intermediate tool could store the userid & password for every user to the Drill this isn't a scalable or very secure solution.
Note that HS2 today does support inbound impersonation as described here: https://issues.apache.org/jira/browse/HIVE-5155
The above is not the best approach as it is tied to the connection object which is very coarse grained and potentially expensive. It would be better if there was a call on the ODBC/JDBC driver to switch the identity on a existing connection. Most modern SQL databases (Oracle, DB2) support such function.