Paul Rogers created DRILL-5180:
----------------------------------
Summary: Storage Plugin API provides user name too late in process
Key: DRILL-5180
URL: https://issues.apache.org/jira/browse/DRILL-5180
Project: Apache Drill
Issue Type: Improvement
Affects Versions: 1.8.0
Reporter: Paul Rogers
Priority: Minor
The storage plugin API provides a number of APIs to build up a table scan:
{code}
class AbstractSchema {
public Table getTable(String name){
...
interface StoragePlugin {
public AbstractGroupScan getPhysicalScan(String userName, JSONOptions
selection) throws IOException {
{code}
This sequence assumes that tables are visible to all uses, but only a scan is
restricted by permissions. Some systems, such as an RDBMS, restrict the
*visibility* of tables based on users. That is, one must connect to an RDBMS as
a user, and that user may be able to see certain tables but not others.
Since Drill asks for the table before presenting the named user, the API cannot
support the RDBMS semantics.
The same is true, by the way, for schemas. A database might offer a variety of
schemas, restricted by user permissions. The storage plugin cannot offer a list
of schemas (or move into a schema) without knowing the user on whose behalf the
plugin operates.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
