Github user yufeldman commented on the pull request:

https://github.com/apache/drill/pull/400#issuecomment-192171659

Couple of general comments:

1. Since you are using Hadoop UGI, it probably makes sense to be more compliant with Hadoop auth definitions, which are: "superuser" can proxy for "user(s), group(s) and host(s)". Maybe adding a group that can proxy is OK, but it is not what is done in the Hadoop world today.

-------------------------
hadoop.proxyuser.superuser.hosts
    comma separated hosts from which superuser access are allowed to impersonation. * means wildcard.

hadoop.proxyuser.superuser.groups
    comma separated groups to which users impersonated by superuser belongs. * means wildcard.
-------------------------

2. I think what we call here delegate/delegator is a true impersonation; what we call "chained impersonation" is kind of the opposite of impersonation, as it is increasing privileges versus restricting them.
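The Hadoop-style proxy-user check that the comment refers to, as an added example (not code from the pull request, Drill or Hadoop). It is a simplified model that assumes exact host-name matching and reads only the two `hadoop.proxyuser.<superuser>.hosts` / `.groups` keys quoted above; the superuser names, hosts and groups in the sample XML are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed core-site.xml fragment; "drillbit", "etl", the host names and
# the group names are made-up sample values.
CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.drillbit.hosts</name>
            <value>gw1.example.com,gw2.example.com</value></property>
  <property><name>hadoop.proxyuser.drillbit.groups</name>
            <value>analysts</value></property>
  <property><name>hadoop.proxyuser.etl.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.etl.groups</name><value>*</value></property>
</configuration>"""

PREFIX = "hadoop.proxyuser."

def load_proxy_rules(xml_text):
    """Return {superuser: {"hosts": set, "groups": set}} from the XML."""
    rules = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if not name.startswith(PREFIX):
            continue
        # Key layout: hadoop.proxyuser.<superuser>.<hosts|groups>
        superuser, _, kind = name[len(PREFIX):].rpartition(".")
        if superuser and kind in ("hosts", "groups"):
            items = {v.strip() for v in value.split(",") if v.strip()}
            rule = rules.setdefault(superuser, {"hosts": set(), "groups": set()})
            rule[kind] = items
    return rules

def _matches(allowed, candidates):
    # "*" is the wildcard; otherwise at least one candidate must be listed.
    return "*" in allowed or bool(allowed & set(candidates))

def may_impersonate(rules, superuser, target_groups, remote_host):
    """Deny by default: the host rule AND the group rule must both match.

    target_groups are the groups of the user being impersonated, not of
    the superuser; remote_host is where the superuser connects from.
    """
    rule = rules.get(superuser)
    if rule is None:
        return False  # no proxyuser entry: caller may not proxy for anyone
    return (_matches(rule["hosts"], [remote_host])
            and _matches(rule["groups"], target_groups))
```

The wildcard entry for `etl` shows why `*` on both keys deserves review: it lets that account act as any user from any host.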