Github user sudheeshkatkam commented on the pull request:
https://github.com/apache/drill/pull/400#issuecomment-192535617
I apologize that my terminology is confusing everyone.
I've updated the [design
document](https://docs.google.com/document/d/1g0KgugVdRbbIxxZrSCtO1PEHlvwczTLDb38k-npvwjA)
and the PR to include terms that (hopefully) users and developers can
understand.
(1) User delegation itself is not a suitable name for this feature, since
this feature is extending the current impersonation model. So when _user
impersonation_ is enabled, this _inbound_ or _client_ impersonation feature is
also enabled.
(2) I am going to use a variant of Jacques' suggestion for _inbound_
impersonation policies. I think `proxy_principals` and `target_principals` are
apt. For example, an admin would setup policies by using:
```
ALTER SYSTEM SET `exec.impersonation.inbound_policies` = '[
{ proxy_principals : { users : [ "user0_1"] },
target_principals : { users : ["*"] } },
{ proxy_principals : { groups : ["group5_1"] },
target_principals : { groups : ["group4_2"] } }
]';
```
Overall, when impersonation is enabled, both _inbound_ impersonation and
_outbound_ impersonation are allowed.
+ _Inbound_ or _client_ impersonation: an authorized user can impersonate a
target user, and the session user is set accordingly.
+ _Outbound_ or _storage plugin_ impersonation: Drill itself impersonates
as the session user when interacting with storage plugins.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
