This is an automated email from the ASF dual-hosted git repository.
kassiez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris-website.git
The following commit(s) were added to refs/heads/master by this push:
new e707d96864 add security overview (#1772)
e707d96864 is described below
commit e707d968647e1c31a4cfae3d1d0188c87489021d
Author: wangtianyi2004 <[email protected]>
AuthorDate: Tue Jan 14 20:59:21 2025 +0800
add security overview (#1772)
## Versions
- [x] dev
- [x] 3.0
- [x] 2.1
- [ ] 2.0
## Languages
- [ ] Chinese
- [ ] English
## Docs Checklist
- [ ] Checked by AI
- [ ] Test Cases Built
---
docs/admin-manual/auth/security-overview.md | 50 ++++++++++++++++++++++
.../docusaurus-plugin-content-docs/current.json | 4 ++
.../current/admin-manual/auth/security-overview.md | 47 ++++++++++++++++++++
.../version-2.1.json | 6 ++-
.../admin-manual/auth/security-overview.md | 49 +++++++++++++++++++++
.../version-2.1/admin-manual/security-overview.md | 49 +++++++++++++++++++++
.../version-3.0.json | 6 ++-
.../admin-manual/auth/security-overview.md | 49 +++++++++++++++++++++
sidebars.json | 1 +
.../admin-manual/auth/security-overview.md | 50 ++++++++++++++++++++++
.../admin-manual/auth/security-overview.md | 50 ++++++++++++++++++++++
versioned_sidebars/version-2.1-sidebars.json | 3 +-
versioned_sidebars/version-3.0-sidebars.json | 3 +-
13 files changed, 363 insertions(+), 4 deletions(-)
diff --git a/docs/admin-manual/auth/security-overview.md
b/docs/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..e60ad77f24
--- /dev/null
+++ b/docs/admin-manual/auth/security-overview.md
@@ -0,0 +1,50 @@
+---
+{
+ "title": "Security Overview",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris provides the following mechanisms to manage data security:
+
+**Authentication:** Doris supports both username/password and LDAP
authentication methods.
+
+- **Built-in Authentication:** Doris includes a built-in username/password
authentication method, allowing customization of password policies.
+
+- **LDAP Authentication:** Doris can centrally manage user credentials through
LDAP services, simplifying access control and enhancing system security.
+
+**Permission Management:** Doris supports role-based access control (RBAC) or
can inherit Ranger to achieve centralized permission management.
+
+- **Role-Based Access Control (RBAC):** Doris can restrict users' access to
and operations on database resources based on their roles and permissions.
+
+- **Ranger Permission Management:** By integrating with Ranger, Doris enables
centralized permission management, allowing administrators to set fine-grained
access control policies for different users and groups.
+
+**Audit and Logging:** Doris can enable audit logs to record all user actions,
including logins, queries, data modifications, and more, facilitating
post-audit and issue tracking.
+
+**Data Encryption and Masking:** Doris supports encryption and masking of data
within tables to prevent unauthorized access and data leakage.
+
+**Data Transmission Encryption:** Doris supports SSL encryption protocols to
ensure secure data transmission between clients and Doris servers, preventing
data from being intercepted or tampered with during transfer.
+
+**Fine-Grained Access Control:** Doris allows configuring data row and column
access permissions based on rules to control user access at a granular level.
+
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current.json
b/i18n/zh-CN/docusaurus-plugin-content-docs/current.json
index da9b85c12b..f0d93a2b31 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/current.json
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current.json
@@ -215,6 +215,10 @@
"message": "安全合规",
"description": "The label for category Security in sidebar docs"
},
+ "sidebar.docs.category.Security Overview": {
+ "message": "安全概述",
+ "description": "The label for category Security Overview in sidebar docs"
+ },
"sidebar.docs.category.Data Transmission Encryption": {
"message": "传输加密",
"description": "The label for category Data Transmission Encryption in
sidebar docs"
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/security-overview.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..88e5b87441
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/admin-manual/auth/security-overview.md
@@ -0,0 +1,47 @@
+---
+{
+ "title": "安全概览",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+Doris 提供以下机制管理数据安全:
+
+身份认证:Doris 支持用户名/密码与 LDAP 认证方式。
+
+- 内置认证:Doris 内置了用户名/密码的认证方式,可以自定义密码策略;
+
+- LDAP 认证:Doris 可以通过 LDAP 服务集中管理用户凭证,简化访问控制并增强系统的安全性。
+
+权限管控:Doris 支持基于角色的访问控制或继承 Ranger 实现集中化的权限管理。
+
+- 基于角色的访问控制(RBAC),Doirs 可以根据用户角色与权限,限制其对数据库资源的访问与操作;
+
+- Ranger 权限管理:Doris 可以通过集成 Ranger 实现集中化的权限管理,允许管理员为不同的用户和组设置细粒度的访问控制策略。
+
+审计与日志记录:Doris 可以开启审计日志,记录用户的所有操作行为,包括登陆,查询,数据修改等行为,便于事后审计与问题追踪;
+
+数据加密与脱敏:Doris 支持对表中的数据进行加密与脱敏,防止未授权的访问当值数据泄漏;
+
+数据传输加密:Doris 支持 SSL 加密协议,确保客户端与 Doris 服务器之间的数据传输安全,防止数据在传输过程中被窃取或篡改;
+
+细粒度访问控制:Doris 中可以基于规则配置数据行/列管控用户访问权限。
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1.json
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1.json
index ed9c88a393..58fcd66504 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1.json
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1.json
@@ -203,6 +203,10 @@
"message": "安全合规",
"description": "The label for category Security in sidebar docs"
},
+ "sidebar.docs.category.Security Overview": {
+ "message": "安全概述",
+ "description": "The label for category Security Overview in sidebar docs"
+ },
"sidebar.docs.category.Data Transmission Encryption": {
"message": "传输加密",
"description": "The label for category Data Transmission Encryption in
sidebar docs"
@@ -675,4 +679,4 @@
"message": "备份与恢复",
"description": "The label for category Backup & Restore in sidebar docs"
}
-}
\ No newline at end of file
+}
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/security-overview.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..07610f607b
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/auth/security-overview.md
@@ -0,0 +1,49 @@
+---
+{
+ "title": "安全概览",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris 提供以下机制管理数据安全:
+
+身份认证:Doris 支持用户名/密码与 LDAP 认证方式。
+
+内置认证:Doris 内置了用户名/密码的认证方式,可以自定义密码策略;
+
+LDAP 认证:Doris 可以通过 LDAP 服务集中管理用户凭证,简化访问控制并增强系统的安全性。
+
+权限管控:Doris 支持基于角色的访问控制或继承 Ranger 实现集中化的权限管理。
+
+基于角色的访问控制(RBAC),Doirs 可以根据用户角色与权限,限制其对数据库资源的访问与操作;
+
+Ranger 权限管理:Doris 可以通过集成 Ranger 实现集中化的权限管理,允许管理员为不同的用户和组设置细粒度的访问控制策略。
+
+审计与日志记录:Doris 可以开启审计日志,记录用户的所有操作行为,包括登陆,查询,数据修改等行为,便于事后审计与问题追踪;
+
+数据加密与脱敏:Doris 支持对表中的数据进行加密与脱敏,防止未授权的访问当值数据泄漏;
+
+数据传输加密:Doris 支持 SSL 加密协议,确保客户端与 Doris 服务器之间的数据传输安全,防止数据在传输过程中被窃取或篡改;
+
+细粒度访问控制:Doris 中可以基于规则配置数据行/列管控用户访问权限。
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/security-overview.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/security-overview.md
new file mode 100644
index 0000000000..07610f607b
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-2.1/admin-manual/security-overview.md
@@ -0,0 +1,49 @@
+---
+{
+ "title": "安全概览",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris 提供以下机制管理数据安全:
+
+身份认证:Doris 支持用户名/密码与 LDAP 认证方式。
+
+内置认证:Doris 内置了用户名/密码的认证方式,可以自定义密码策略;
+
+LDAP 认证:Doris 可以通过 LDAP 服务集中管理用户凭证,简化访问控制并增强系统的安全性。
+
+权限管控:Doris 支持基于角色的访问控制或继承 Ranger 实现集中化的权限管理。
+
+基于角色的访问控制(RBAC),Doirs 可以根据用户角色与权限,限制其对数据库资源的访问与操作;
+
+Ranger 权限管理:Doris 可以通过集成 Ranger 实现集中化的权限管理,允许管理员为不同的用户和组设置细粒度的访问控制策略。
+
+审计与日志记录:Doris 可以开启审计日志,记录用户的所有操作行为,包括登陆,查询,数据修改等行为,便于事后审计与问题追踪;
+
+数据加密与脱敏:Doris 支持对表中的数据进行加密与脱敏,防止未授权的访问当值数据泄漏;
+
+数据传输加密:Doris 支持 SSL 加密协议,确保客户端与 Doris 服务器之间的数据传输安全,防止数据在传输过程中被窃取或篡改;
+
+细粒度访问控制:Doris 中可以基于规则配置数据行/列管控用户访问权限。
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0.json
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0.json
index af899f7f61..974fa4ea5d 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0.json
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0.json
@@ -247,6 +247,10 @@
"message": "安全合规",
"description": "The label for category Security in sidebar docs"
},
+ "sidebar.docs.category.Security Overview": {
+ "message": "安全概述",
+ "description": "The label for category Security Overview in sidebar docs"
+ },
"sidebar.docs.category.Data Transmission Encryption": {
"message": "传输加密",
"description": "The label for category Data Transmission Encryption in
sidebar docs"
@@ -699,4 +703,4 @@
"message": "备份与恢复",
"description": "The label for category Backup & Restore in sidebar docs"
}
-}
\ No newline at end of file
+}
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/security-overview.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..07610f607b
--- /dev/null
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-3.0/admin-manual/auth/security-overview.md
@@ -0,0 +1,49 @@
+---
+{
+ "title": "安全概览",
+ "language": "zh-CN"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris 提供以下机制管理数据安全:
+
+身份认证:Doris 支持用户名/密码与 LDAP 认证方式。
+
+内置认证:Doris 内置了用户名/密码的认证方式,可以自定义密码策略;
+
+LDAP 认证:Doris 可以通过 LDAP 服务集中管理用户凭证,简化访问控制并增强系统的安全性。
+
+权限管控:Doris 支持基于角色的访问控制或继承 Ranger 实现集中化的权限管理。
+
+基于角色的访问控制(RBAC),Doirs 可以根据用户角色与权限,限制其对数据库资源的访问与操作;
+
+Ranger 权限管理:Doris 可以通过集成 Ranger 实现集中化的权限管理,允许管理员为不同的用户和组设置细粒度的访问控制策略。
+
+审计与日志记录:Doris 可以开启审计日志,记录用户的所有操作行为,包括登陆,查询,数据修改等行为,便于事后审计与问题追踪;
+
+数据加密与脱敏:Doris 支持对表中的数据进行加密与脱敏,防止未授权的访问当值数据泄漏;
+
+数据传输加密:Doris 支持 SSL 加密协议,确保客户端与 Doris 服务器之间的数据传输安全,防止数据在传输过程中被窃取或篡改;
+
+细粒度访问控制:Doris 中可以基于规则配置数据行/列管控用户访问权限。
diff --git a/sidebars.json b/sidebars.json
index c0eb4b909d..b96729b74f 100644
--- a/sidebars.json
+++ b/sidebars.json
@@ -475,6 +475,7 @@
"type": "category",
"label": "Security",
"items": [
+ "admin-manual/auth/security-overview",
{
"type": "category",
"label": "Authentication",
diff --git a/versioned_docs/version-2.1/admin-manual/auth/security-overview.md
b/versioned_docs/version-2.1/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..e60ad77f24
--- /dev/null
+++ b/versioned_docs/version-2.1/admin-manual/auth/security-overview.md
@@ -0,0 +1,50 @@
+---
+{
+ "title": "Security Overview",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris provides the following mechanisms to manage data security:
+
+**Authentication:** Doris supports both username/password and LDAP
authentication methods.
+
+- **Built-in Authentication:** Doris includes a built-in username/password
authentication method, allowing customization of password policies.
+
+- **LDAP Authentication:** Doris can centrally manage user credentials through
LDAP services, simplifying access control and enhancing system security.
+
+**Permission Management:** Doris supports role-based access control (RBAC) or
can inherit Ranger to achieve centralized permission management.
+
+- **Role-Based Access Control (RBAC):** Doris can restrict users' access to
and operations on database resources based on their roles and permissions.
+
+- **Ranger Permission Management:** By integrating with Ranger, Doris enables
centralized permission management, allowing administrators to set fine-grained
access control policies for different users and groups.
+
+**Audit and Logging:** Doris can enable audit logs to record all user actions,
including logins, queries, data modifications, and more, facilitating
post-audit and issue tracking.
+
+**Data Encryption and Masking:** Doris supports encryption and masking of data
within tables to prevent unauthorized access and data leakage.
+
+**Data Transmission Encryption:** Doris supports SSL encryption protocols to
ensure secure data transmission between clients and Doris servers, preventing
data from being intercepted or tampered with during transfer.
+
+**Fine-Grained Access Control:** Doris allows configuring data row and column
access permissions based on rules to control user access at a granular level.
+
diff --git a/versioned_docs/version-3.0/admin-manual/auth/security-overview.md
b/versioned_docs/version-3.0/admin-manual/auth/security-overview.md
new file mode 100644
index 0000000000..e60ad77f24
--- /dev/null
+++ b/versioned_docs/version-3.0/admin-manual/auth/security-overview.md
@@ -0,0 +1,50 @@
+---
+{
+ "title": "Security Overview",
+ "language": "en"
+}
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+
+
+Doris provides the following mechanisms to manage data security:
+
+**Authentication:** Doris supports both username/password and LDAP
authentication methods.
+
+- **Built-in Authentication:** Doris includes a built-in username/password
authentication method, allowing customization of password policies.
+
+- **LDAP Authentication:** Doris can centrally manage user credentials through
LDAP services, simplifying access control and enhancing system security.
+
+**Permission Management:** Doris supports role-based access control (RBAC) or
can inherit Ranger to achieve centralized permission management.
+
+- **Role-Based Access Control (RBAC):** Doris can restrict users' access to
and operations on database resources based on their roles and permissions.
+
+- **Ranger Permission Management:** By integrating with Ranger, Doris enables
centralized permission management, allowing administrators to set fine-grained
access control policies for different users and groups.
+
+**Audit and Logging:** Doris can enable audit logs to record all user actions,
including logins, queries, data modifications, and more, facilitating
post-audit and issue tracking.
+
+**Data Encryption and Masking:** Doris supports encryption and masking of data
within tables to prevent unauthorized access and data leakage.
+
+**Data Transmission Encryption:** Doris supports SSL encryption protocols to
ensure secure data transmission between clients and Doris servers, preventing
data from being intercepted or tampered with during transfer.
+
+**Fine-Grained Access Control:** Doris allows configuring data row and column
access permissions based on rules to control user access at a granular level.
+
diff --git a/versioned_sidebars/version-2.1-sidebars.json
b/versioned_sidebars/version-2.1-sidebars.json
index 415db9dba7..b2be1d2a2d 100644
--- a/versioned_sidebars/version-2.1-sidebars.json
+++ b/versioned_sidebars/version-2.1-sidebars.json
@@ -404,6 +404,7 @@
"type": "category",
"label": "Security",
"items": [
+ "admin-manual/auth/security-overview",
{
"type": "category",
"label": "Authentication and Authorization",
@@ -1933,4 +1934,4 @@
]
}
]
-}
\ No newline at end of file
+}
diff --git a/versioned_sidebars/version-3.0-sidebars.json
b/versioned_sidebars/version-3.0-sidebars.json
index a7a63b568a..f2380da7f7 100644
--- a/versioned_sidebars/version-3.0-sidebars.json
+++ b/versioned_sidebars/version-3.0-sidebars.json
@@ -448,6 +448,7 @@
"type": "category",
"label": "Security",
"items": [
+ "admin-manual/auth/security-overview",
{
"type": "category",
"label": "Authentication and Authorization",
@@ -2000,4 +2001,4 @@
]
}
]
-}
\ No newline at end of file
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
