Oleksandr Kalinin created DRILL-6699:
----------------------------------------
Summary: Drill client session authorization
Key: DRILL-6699
URL: https://issues.apache.org/jira/browse/DRILL-6699
Project: Apache Drill
Issue Type: New Feature
Reporter: Oleksandr Kalinin
Currently Drill relies on pluggable security mechanisms to perform user
authentication. Any positively authenticated user will be permitted to
establish a session and execute queries on the cluster. Queries will be
executed on behalf of authenticated user if impersonation is enabled.
Authorization is performed at data (FS) level.
While this model secures access to data, it doesn't secure cluster resources in
some uses cases like running multiple Drill clusters within single YARN
cluster. Since YARN resources in multi-tenant environments are subject to
authorization itself, not all users who are positively authenticated are
actually authorized to use YARN resources used to run Drill cluster.
Secondary issue is that it could also be challenging to enable impersonation
with non-admin / low-privilege accounts typically used to run applications on
YARN (and hence Drill on YARN clusters too).
Above issues could be addressed with introduction of session authorization in
Drill. Cluster admin could configure some simple ACLs which would define users
and/or groups of users permitted to connect and use the cluster. After
authentication and before finalization of client session creation authorization
step could be added to check authenticated user against ACLs.
While proposed feature is primarily aimed at Drill on YARN use case, it could
also be useful for access control on standalone clusters. Otherwise admins need
to push authorization handling to pluggable security mechanisms which is much
more complex to implement than simple ACL config, and sometimes even unfeasible.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
