[GitHub] [druid] kfaraz commented on a change in pull request #11779: docs for changes to authorization in #11718 and #11720

Thu, 07 Oct 2021 16:32:51 -0700 


kfaraz commented on a change in pull request #11779:
URL: https://github.com/apache/druid/pull/11779#discussion_r723817939



##########
File path: docs/operations/security-user-auth.md
##########
@@ -131,15 +134,16 @@ GET requires READ permission, while POST and DELETE 
require WRITE permission.
 
 Queries on Druid datasources require DATASOURCE READ permissions for the 
specified datasource.
 
-Queries on the [INFORMATION_SCHEMA 
tables](../querying/sql.md#information-schema) will
-return information about datasources that the caller has DATASOURCE READ 
access to. Other
-datasources will be omitted.
+Queries on [INFORMATION_SCHEMA tables](../querying/sql.md#information-schema) 
return information about datasources that the caller has DATASOURCE READ access 
to. Other
+datasources are omitted.
 
 Queries on the [system schema tables](../querying/sql.md#system-schema) 
require the following permissions:
-- `segments`: Segments will be filtered based on DATASOURCE READ permissions.
+- `segments`: Druid filters segments according to DATASOURCE READ permissions.
 - `servers`: The user requires STATE READ permissions.
-- `server_segments`: The user requires STATE READ permissions and segments 
will be filtered based on DATASOURCE READ permissions.
-- `tasks`: Tasks will be filtered based on DATASOURCE READ permissions.
+- `server_segments`: The user requires STATE READ permissions. Druid filters 
segments according to DATASOURCE READ permissions.
+- `tasks`: Druid filters tasks according to DATASOURCE WRITE permissions.
+- `supervisors`: Druid filters supervisors according to DATASOURCE WRITE 
permissions.
+When the Broker property `druid.sql.planner.authorizeSystemTablesDirectly` is 
true, users also require  `SYSTEM_TABLE` authorization on a system schema table 
to query it.

Review comment:
       nit: do we need a line break here to separate this line from the list?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]



---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to