Securing Drill
An administrator can install Drill with the default security configuration provided by MapR or manually configure custom security for Drill.
Drill supports several security features that secure the communication paths between Drill clients (such as ODBC/JDBC) and Drillbits and also between Drillbits. The following sections briefly describe the security configuration options for Drill and provide links to additional information and instructions.
MapR Default Security Configuration
See Drill Default Security and SSL/TLS for Encryption for more information. You may also want to reference Installing Drill, which describes some Drill installation security scenarios.
Security Features Supported in a Custom Configuration
Drill supports several security features that an administrator can manually configure to secure the communication paths between the Drill client, such as ODBC and JDBC, and Drillbit and also between Drillbits. See Drill Drivers for ODBC and JDBC driver information.
Security Features | Supported Mechanisms | Communication Paths Secured |
---|---|---|
Authentication | MapR Security (MapR-SASL/Tickets) |
|
Kerberos |
|
|
Plain (username and password) |
|
|
Form-based |
NOTE: You can configure SSL/TLS for encryption.
|
|
SPNEGO for HTTP |
NOTE: You can configure SSL/TLS for encryption.
|
|
Ecryption | MapR Security (MapR-SASL/Tickets) |
|
Kerberos |
|
|
SSL/TLS |
|
|
Authorization | Based on file system permissions. |
|
Impersonation | User Impersonation |
NOTE: Drill supports user impersonation, inbound impersonation, and user
impersonation with Hive authorization.
|
Views and File ACEs
In additiona to the listed security features, you can create views on data to limit access to data. You can also create file ACEs on the view definition files to protect the views.