we'd like to setup Drill to as SQL interface for files stored on local file system (non HDFS) with multi user access - each user/group authorized to access only selected tables/views.
Apache Drill 1.16.0 with the following config (drill-override.conf, Drill running as root user):
DFS Storage definition from Drill:
Created a view on local file system (not HDFS) that is configured to be accessible only by bob user:
Steps to reproduce:
Use sqlline to query project_1_abc view as alice user:
Querying project_1_abc view as user alice should throw an error, as only bob user has access to this view.
User alice is able to query project_1_abc view even though she doesn't have permissions on file system. The question is, does Drill support RBAC on local file system? If so, what could we be doing wrong?
The Drill process runs as root in order to have access to ```/etc/shadow``` etc.
Authentication works fine. We're able to use sqlline as well as Web UI in order to run SQL queries. Also, users that are in the root group have access to Storage, Threads and Logs tabs.
Unfortunately, all the users have access to all tables/directories/views, regardless of the permissions set on the local file system. Furthermore, inspecting the Drill process with auditctl reveals that the Drill process user (root) is accessing the files instead of impersonating user as one would expect while using impersonation.
Attaching with java debugger also reveals that even though it's local file system, Drill uses ```ProxyLocalFileSystem``` from hive-exec JAR in ```ImpersonationUtil.createFileSystem(...)```.