Re: Per user authorization
I'm not clear on what the deep complexities would be, but all I think is needed is to be able to return custom profile data from the authentication provider that is then passed along to the storage plugins as properties. Cheers Steve On Fri, Jul 29, 2016 at 10:16 AM, Keys Botzum <kbot...@maprtech.com> wrote: > No disagreement that for storage systems that lack the needed inbound > impersonation that Drill might need to support other approaches such as > managing per user credentials per storage system. I just wanted to make > clear that Drill does provide for excellent authorization for storage > systems that it currently impersonates to. I genuinely believe that is the > best approach in general. > > That said, since Drill is trying to support many storage systems, some of > which lack the needed functionality, that other approaches may also be > needed. I don't know if there is a JIRA out there for such a feature. > Having worked with such systems in the past, I'll just caution that there > are deep complexities around managing per user credentials. > > Keys > ___ > Keys Botzum > Senior Principal Technologist > kbot...@maprtech.com <mailto:kbot...@maprtech.com> > 443-718-0098 > MapR Technologies > http://www.mapr.com <http://www.mapr.com/> > > On Jul 29, 2016, at 1:00 PM, Steve Warren <swar...@myvest.com> wrote: > > > > Hi Keys, S3 is a good example the authentication process could return a > > profile that includes the S3 access credentials for this user. Another > > example would be a mechanism such as Tableau's Web Data Connector. > > Supporting that sort of capability would really open up the community to > > write plugin's for Drill as it has for Tableau. > > > > On Fri, Jul 29, 2016 at 7:08 AM, Keys Botzum <kbot...@maprtech.com> > wrote: > > > >> Drill does use HDFS/Mapr-FS impersonation to push identity down to the > >> underlying storage system - HDFS, MapR-FS, MapR-DB. Once that is done > the > >> underlying storage system can then perform authorization. This is a > robust > >> model that is advantageous as it ensures that data is protected the same > >> way regardless of access path. It may be that there are additional > storage > >> systems which Drill does not yet impersonate to. Can you say more in > terms > >> of requirements? > >> > >> Drill impersonation: > >> https://drill.apache.org/docs/configuring-user-impersonation/ > >> > >> In addition Drill supports views which can be created and shared amongst > >> users. Basically I can create a view on data I own and share that view > with > >> others that can't see the underlying data but can see the view. > >> > >> Drill views: http://drill.apache.org/docs/create-view-command/ > >> > >> Keys > >> ___ > >> Keys Botzum > >> Senior Principal Technologist > >> kbot...@maprtech.com <mailto:kbot...@maprtech.com> > >> 443-718-0098 > >> MapR Technologies > >> http://www.mapr.com <http://www.mapr.com/> > >>> On Jul 29, 2016, at 9:50 AM, Steve Warren <swar...@myvest.com> wrote: > >>> > >>> With Drill I can authenticate a user and distinguish between ADMIN and > >>> USER. However, there doesn't seem to be much (any) in the way of per > user > >>> authorizations beyond that. Example uses being: > >>> > >>> 1) Allowing for per user AWS credentials. > >>> 2) Returning a token or other profile information from the > authentication > >>> process that can be passed into each storage plugin. > >>> 3) ACL for storage plugins (by user group). > >>> > >>> Are there any plans to extend the authorization capabilities in these > >> areas? > >>> > >>> Cheers > >>> > >>> -- > >>> Confidentiality Notice and Disclaimer: The information contained in > this > >>> e-mail and any attachments, is not transmitted by secure means and may > >> also > >>> be legally privileged and confidential. If you are not an intended > >>> recipient, you are hereby notified that any dissemination, > distribution, > >> or > >>> copying of this e-mail is strictly prohibited. If you have received > this > >>> e-mail in error, please notify the sender and permanently delete the > >> e-mail > >>> and any attachments immediately. You should not retain, copy or use > this > >>> e-mail or any a
Re: Per user authorization
Hi Keys, S3 is a good example the authentication process could return a profile that includes the S3 access credentials for this user. Another example would be a mechanism such as Tableau's Web Data Connector. Supporting that sort of capability would really open up the community to write plugin's for Drill as it has for Tableau. On Fri, Jul 29, 2016 at 7:08 AM, Keys Botzum <kbot...@maprtech.com> wrote: > Drill does use HDFS/Mapr-FS impersonation to push identity down to the > underlying storage system - HDFS, MapR-FS, MapR-DB. Once that is done the > underlying storage system can then perform authorization. This is a robust > model that is advantageous as it ensures that data is protected the same > way regardless of access path. It may be that there are additional storage > systems which Drill does not yet impersonate to. Can you say more in terms > of requirements? > > Drill impersonation: > https://drill.apache.org/docs/configuring-user-impersonation/ > > In addition Drill supports views which can be created and shared amongst > users. Basically I can create a view on data I own and share that view with > others that can't see the underlying data but can see the view. > > Drill views: http://drill.apache.org/docs/create-view-command/ > > Keys > ___ > Keys Botzum > Senior Principal Technologist > kbot...@maprtech.com <mailto:kbot...@maprtech.com> > 443-718-0098 > MapR Technologies > http://www.mapr.com <http://www.mapr.com/> > > On Jul 29, 2016, at 9:50 AM, Steve Warren <swar...@myvest.com> wrote: > > > > With Drill I can authenticate a user and distinguish between ADMIN and > > USER. However, there doesn't seem to be much (any) in the way of per user > > authorizations beyond that. Example uses being: > > > > 1) Allowing for per user AWS credentials. > > 2) Returning a token or other profile information from the authentication > > process that can be passed into each storage plugin. > > 3) ACL for storage plugins (by user group). > > > > Are there any plans to extend the authorization capabilities in these > areas? > > > > Cheers > > > > -- > > Confidentiality Notice and Disclaimer: The information contained in this > > e-mail and any attachments, is not transmitted by secure means and may > also > > be legally privileged and confidential. If you are not an intended > > recipient, you are hereby notified that any dissemination, distribution, > or > > copying of this e-mail is strictly prohibited. If you have received this > > e-mail in error, please notify the sender and permanently delete the > e-mail > > and any attachments immediately. You should not retain, copy or use this > > e-mail or any attachment for any purpose, nor disclose all or any part of > > the contents to any other person. MyVest Corporation, MyVest Advisors and > > their affiliates accept no responsibility for any unauthorized access > > and/or alteration or dissemination of this communication nor for any > > consequence based on or arising out of the use of information that may > have > > been illegitimately accessed or altered. > > -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
Per user authorization
With Drill I can authenticate a user and distinguish between ADMIN and USER. However, there doesn't seem to be much (any) in the way of per user authorizations beyond that. Example uses being: 1) Allowing for per user AWS credentials. 2) Returning a token or other profile information from the authentication process that can be passed into each storage plugin. 3) ACL for storage plugins (by user group). Are there any plans to extend the authorization capabilities in these areas? Cheers -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
Tableau Web Data Connector
Has anyone written a Tableau Web Data Connector for Drill? I noticed prestodb.io has one and it really opens up the ability to interface with drill over the internet. -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
Re: MapR ODBC driver
Thank you. On Jul 19, 2016 4:08 PM, "Neeraja Rentachintala" < nrentachint...@maprtech.com> wrote: > Steve > > The Apache distribution of Drill does not have a open source version of > ODBC driver. There is however a JDBC driver that is available that you can > use to connect to Drill from BI tools. The ODBC driver you mentioned below > is provided by Simba and the license restrictions indicate that it > is licensed by MapR. > > Regarding your other question, yes, Drill ships with MapR distribution of > Hadoop. > For more info refer to https://www.mapr.com/products/apache-drill > > > thanks > Neeraja > > > On Tue, Jul 19, 2016 at 3:27 PM, Steve Warren <swar...@myvest.com> wrote: > > > I noticed the MapR ODBC driver contains the following restriction in > their > > license agreement. > > > > *"Restrictions*. Customer shall only use the Software in conjunction with > > the MapR Product and not on a standalone basis. For avoidance of doubt, > > Customer is not authorized to use the Software with other distributions > for > > Apache Hadoop. For purposes of this Agreement, the “MapR Product” shall > > mean the MapR Distribution for Apache Hadoop." > > > > This seems problematic. Is there another ODBC driver that works with > drill? > > Does MapR intend to loosen the restrictions on this product and/or open > > source it? > > > > Does Drill even ship with the MapR's distribution of Apache Hadoop? > > > > -- > > Confidentiality Notice and Disclaimer: The information contained in this > > e-mail and any attachments, is not transmitted by secure means and may > also > > be legally privileged and confidential. If you are not an intended > > recipient, you are hereby notified that any dissemination, distribution, > or > > copying of this e-mail is strictly prohibited. If you have received this > > e-mail in error, please notify the sender and permanently delete the > e-mail > > and any attachments immediately. You should not retain, copy or use this > > e-mail or any attachment for any purpose, nor disclose all or any part of > > the contents to any other person. MyVest Corporation, MyVest Advisors and > > their affiliates accept no responsibility for any unauthorized access > > and/or alteration or dissemination of this communication nor for any > > consequence based on or arising out of the use of information that may > have > > been illegitimately accessed or altered. > > > -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
MapR ODBC driver
I noticed the MapR ODBC driver contains the following restriction in their license agreement. *"Restrictions*. Customer shall only use the Software in conjunction with the MapR Product and not on a standalone basis. For avoidance of doubt, Customer is not authorized to use the Software with other distributions for Apache Hadoop. For purposes of this Agreement, the “MapR Product” shall mean the MapR Distribution for Apache Hadoop." This seems problematic. Is there another ODBC driver that works with drill? Does MapR intend to loosen the restrictions on this product and/or open source it? Does Drill even ship with the MapR's distribution of Apache Hadoop? -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
Re: Olingo plugin
Thanks! I'll have a look, I had found the contrib in github. On Tue, Jul 12, 2016 at 11:12 AM, Sudheesh Katkam <skat...@maprtech.com> wrote: > There is some documentation available [1]. > > There are five implementations in the contrib directory for reference [2]. > > Thank you, > Sudheesh > > [1] > https://drill.apache.org/docs/apache-drill-contribution-ideas/#support-for-new-data-sources > < > https://drill.apache.org/docs/apache-drill-contribution-ideas/#support-for-new-data-sources > > > [2] https://github.com/apache/drill/tree/master/contrib < > https://github.com/apache/drill/tree/master/contrib> > > > On Jul 12, 2016, at 11:03 AM, Steve Warren <swar...@myvest.com> wrote: > > > > I considered that, but couldn't find documentation on writing plugins. Is > > there any available? > > > > On Tue, Jul 12, 2016 at 10:55 AM, Sudheesh Katkam <skat...@maprtech.com> > > wrote: > > > >> Hi Steve, > >> > >> AFAIK, no such plans. Would you like to open a ticket, and work on it? > >> > >> Thank you, > >> Sudheesh > >> > >>> On Jul 12, 2016, at 10:10 AM, Steve Warren <swar...@myvest.com> wrote: > >>> > >>> Are there plans to release an Olingo (odata) plugin? > >>> > >>> https://olingo.apache.org/ > >>> > >>> -- > >>> Confidentiality Notice and Disclaimer: The information contained in > this > >>> e-mail and any attachments, is not transmitted by secure means and may > >> also > >>> be legally privileged and confidential. If you are not an intended > >>> recipient, you are hereby notified that any dissemination, > distribution, > >> or > >>> copying of this e-mail is strictly prohibited. If you have received > this > >>> e-mail in error, please notify the sender and permanently delete the > >> e-mail > >>> and any attachments immediately. You should not retain, copy or use > this > >>> e-mail or any attachment for any purpose, nor disclose all or any part > of > >>> the contents to any other person. MyVest Corporation, MyVest Advisors > and > >>> their affiliates accept no responsibility for any unauthorized access > >>> and/or alteration or dissemination of this communication nor for any > >>> consequence based on or arising out of the use of information that may > >> have > >>> been illegitimately accessed or altered. > >> > >> > > > > -- > > Confidentiality Notice and Disclaimer: The information contained in this > > e-mail and any attachments, is not transmitted by secure means and may > also > > be legally privileged and confidential. If you are not an intended > > recipient, you are hereby notified that any dissemination, distribution, > or > > copying of this e-mail is strictly prohibited. If you have received this > > e-mail in error, please notify the sender and permanently delete the > e-mail > > and any attachments immediately. You should not retain, copy or use this > > e-mail or any attachment for any purpose, nor disclose all or any part of > > the contents to any other person. MyVest Corporation, MyVest Advisors and > > their affiliates accept no responsibility for any unauthorized access > > and/or alteration or dissemination of this communication nor for any > > consequence based on or arising out of the use of information that may > have > > been illegitimately accessed or altered. > > -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
Olingo plugin
Are there plans to release an Olingo (odata) plugin? https://olingo.apache.org/ -- Confidentiality Notice and Disclaimer: The information contained in this e-mail and any attachments, is not transmitted by secure means and may also be legally privileged and confidential. If you are not an intended recipient, you are hereby notified that any dissemination, distribution, or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender and permanently delete the e-mail and any attachments immediately. You should not retain, copy or use this e-mail or any attachment for any purpose, nor disclose all or any part of the contents to any other person. MyVest Corporation, MyVest Advisors and their affiliates accept no responsibility for any unauthorized access and/or alteration or dissemination of this communication nor for any consequence based on or arising out of the use of information that may have been illegitimately accessed or altered.
