cgivre commented on pull request #2332: URL: https://github.com/apache/drill/pull/2332#issuecomment-960795904
> > Of course this PR is great even without working Impersonation, but for enterprise its necessary to let the enduser run the query against the storage. > > The fact that drill impersonates the proxyUser correctly against HDFS and HBase let me hope that this is also feasable for phoenix :) > > Hi @Z0ltrix. I believe that Drill uses the native support for impersonation that is built into Hadoop when it impersonates to HDFS, Hive, HBase (and MapR-DB through whatever is built into that). No other storage plugins support any impersonation yet. Also there is no support for propagating a Kerberos authn context (a TGT I guess?) over the hop from Drill to the external data source. But... we want it to be there! We are in a planning phase and talking to security guys and we want to start coding on this in November. Your input is very valuable so we'd like to keep checking in with you as we go. > > cc @cgivre @dzamo I was under the impression that the vault work we did earlier actually did enable impersonation for most other storage plugins. The key component was the creation of the `credentialProvider` object which allowed that. Maybe @vvysotskyi could weigh in here as well. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
