This is an automated email from the ASF dual-hosted git repository. dzamo pushed a commit to branch gh-pages in repository https://gitbox.apache.org/repos/asf/drill.git
commit 2ee6219d2b0819f64b29c6501a9618966ea190d5 Author: James Turton <[email protected]> AuthorDate: Tue Mar 30 16:45:09 2021 +0200 Fix malformed link in 020-secure-communication-paths.md --- .../020-secure-communication-paths.md | 52 ++++++++++++---------- _docs/sql-reference/040-operators.md | 21 +++++---- 2 files changed, 41 insertions(+), 32 deletions(-) diff --git a/_docs/configure-drill/securing-drill/020-secure-communication-paths.md b/_docs/configure-drill/securing-drill/020-secure-communication-paths.md index 54c4646..5390d2f 100644 --- a/_docs/configure-drill/securing-drill/020-secure-communication-paths.md +++ b/_docs/configure-drill/securing-drill/020-secure-communication-paths.md @@ -7,7 +7,7 @@ As illustrated in the following figure, Drill features five secure communication 1. [Web Client to Drillbit]({{site.baseurl}}/docs/secure-communication-paths/#web-client-to-drillbit) -1. [Java and C++ Client to Drillbit]({{site.baseurl}}/docs/secure-communication-paths/#java-and-c+|-client-to-drillbit) +1. [Java and C++ Client to Drillbit]({{site.baseurl}}/docs/secure-communication-paths/#java-and-c-client-to-drillbit) 1. [Java Client and Drillbit to ZooKeeper]({{site.baseurl}}/docs/secure-communication-paths/#drill-client-and-drillbit-to-zookeeper) 1. [Drillbit to Hive Storage Plugin]({{site.baseurl}}/docs/secure-communication-paths/#drillbit-to-hive-storage-plugin) @@ -33,41 +33,47 @@ Impersonation and authorization are available through the web clients only when --- -| Security Capability | Description | Re [...] -|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--- [...] -| Authentication | Users authenticate to a drillbit using a username and password form authenticator. By default, authentication is disabled. | [C [...] -| Encryption | Drill usese SSL for HTTPS access to the Web UI. | [Config [...] -| Impersonation | Drill acts on behalf of the user on the session. This is usually the connection user (or the user that authenticates). This user can impersonate another user, which is allowed if the connection user is authorized to impersonate the target user based on the inbound impersonation policies (USER role). By default, impersonation is disabled. | [C [...] -| Authorization | Queries execute on behalf of the web user. Users and administrators have different navigation bars. Various tabs are shown based on privileges. For example, only administrators can see the Storage tab and create/read/update/delete storage plugin configuration. | [C [...] +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------ [...] +| Security Capability | Description | Reference [...] +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------ [...] +| Authentication | Users authenticate to a drillbit using a username and password form authenticator. By default, authentication is disabled. | [Configuring Web UI and REST API Security]({{site.baseurl}}/docs/configuring-web-ui-and-rest-api-security) [...] +| Encryption | Drill usese SSL for HTTPS access to the Web UI. | [Configuring Web UI and REST API Security]({{site.baseurl}}/docs/configuring-web-ui-and-rest-api-security) [...] +| Impersonation | Drill acts on behalf of the user on the session. This is usually the connection user (or the user that authenticates). This user can impersonate another user, which is allowed if the connection user is authorized to impersonate the target user based on the inbound impersonation policies (USER role). By default, impersonation is disabled. | [Configuring User Impersonation]({{site.baseurl}}/docs/configuring-user-impersonation/#impersonation-and-views) and [Configur [...] +| Authorization | Queries execute on behalf of the web user. Users and administrators have different navigation bars. Various tabs are shown based on privileges. For example, only administrators can see the Storage tab and create/read/update/delete storage plugin configuration. | [Configuring Web UI and REST API Security]({{site.baseurl}}/docs/configuring-web-ui-and-rest-api-security) [...] +|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------ [...] ## Java and C++ Client to Drillbit Java (native or JDBC) and C++ (native or ODBC) clients submit queries to Drill. BI tools use the ODBC or JDBC API. -| Security Capability | Description | Reference [...] -|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------- [...] -| Authentication | Users authenticate to a drillbit using Kerberos, Plain (username and password through PAM), and Custom authenticator (username and password). By default, user authentication is disabled. | [Configuring User Security [...] -| Encryption | Drill 1.11 supports encryption between a Drill client and a Drillbit with the Kerberos mechanism over a Java SASL framework. Encrypting the client-to-drillbit communication path ensures data integrity and privacy and prevents data tampering and snooping. If encryption is enabled on a drillbit, it will not allow a client without encryption capabilities to connect. By default, encryption is disabled. | [Configuring Kerber [...] +| Security Capability | Description | Reference [...] +|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------- [...] +| Authentication | Users authenticate to a drillbit using Kerberos, Plain (username and password through PAM), and Custom authenticator (username and password). By default, user authentication is disabled. | [Configuring User Security [...] +| Encryption | Drill 1.11 supports encryption between a Drill client and a Drillbit with the Kerberos mechanism over a Java SASL framework. Encrypting the client-to-drillbit communication path ensures data integrity and privacy and prevents data tampering and snooping. If encryption is enabled on a drillbit, it will not allow a client without encryption capabilities to connect. By default, encryption is disabled. | [Configuring Kerberos Secu [...] | Impersonation | Drill acts on behalf of the user on the session. This is usually the connection user (or the user that authenticates). This user can impersonate another user. This is allowed if the connection user is authorized to impersonate the target user based on the inbound impersonation policies (USER role). By default, impersonation is disabled. | [Configuring User Imperson [...] -| Authorization | A user can execute queries on data that he/she has access to. Each storage plugin manages the read/write permissions. Users can create views on top of data to provide granular access to that data. The user sets read permissions to appropriate users and/or groups. System-level options can only be changed by administrators (USER role). By default, only the process user is an administrator. This is available if authentication is enabled. | [Configuring User Imperson [...] +| Authorization | A user can execute queries on data that he/she has access to. Each storage plugin manages the read/write permissions. Users can create views on top of data to provide granular access to that data. The user sets read permissions to appropriate users and/or groups. System-level options can only be changed by administrators (USER role). By default, only the process user is an administrator. This is available if authentication is enabled. | [Configuring User Imperson [...] +|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------- [...] ## Drill Client and Drillbit to ZooKeeper Drill clients and drillbits communicate with ZooKeeper to obtain the list of active drillbits. Drillbits store system-level options and running query profiles. -| Security Capability | Description | Reference | -|---------------------|-----------------------------------------------------|---------------------------------| -| Authentication | Not fully supported. | [Configuring User Security]({{site.baseurl}}/docs/configuring-user-security) | -| Authorization | Drill does not set ACLs on ZooKeeper nodes (znode). | | -| Encryption | Not fully supported. | [ZooKeeper SSL User Guide](https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide "ZooKeeper SSL User Guide") | +|---------------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| +| Security Capability | Description | Reference | +|---------------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| +| Authentication | Not fully supported. | [Configuring User Security]({{site.baseurl}}/docs/configuring-user-security) | +| Authorization | Drill does not set ACLs on ZooKeeper nodes (znode). | | +| Encryption | Not fully supported. | [ZooKeeper SSL User Guide](https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide "ZooKeeper SSL User Guide") | +|---------------------|-----------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| ## Drillbit to Hive Storage Plugin The planner accesses the Hive Metastore for metadata. During execution, query fragments scan data from Hive using the Hive storage plugin. -| Security Capability | Description | Reference | -|--------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Authentication | Drillbit is a client to the Hive Metastore. Authentication options include Kerberos and DIGEST. By default, authentication is disabled. | Kerberos (if Hive impersonation is disabled and Kerberos principal is mentioned) and DIGEST (the only supported mechanism when Hive impersonation is enabled and SASL is enabled). | -| Impersonation | While accessing Hive Metastore, Hive impersonation setting in the storage plugin configuration overrides Drill’s impersonation setting. While scanning data in Hive, Drill impersonation is applied. | [Configuring User Impersonation]({{site.baseurl}}/docs/configuring-user-impersonation) | -| Authorization | Drill supports SQL standard-based authorization and storage-based authorization. | [Configuring User Impersonation with Hive Authorization]({{site.baseurl}}/docs/configuring-user-impersonation-with-hive-authorization) | - +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Security Capability | Description | Reference | +| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Authentication | Drillbit is a client to the Hive Metastore. Authentication options include Kerberos and DIGEST. By default, authentication is disabled. | Kerberos (if Hive impersonation is disabled and Kerberos principal is mentioned) and DIGEST (the only supported mechanism when Hive impersonation is enabled and SASL is enabled). | +| Impersonation | While accessing Hive Metastore, Hive impersonation setting in the storage plugin configuration overrides Drill’s impersonation setting. While scanning data in Hive, Drill impersonation is applied. | [Configuring User Impersonation]({{site.baseurl}}/docs/configuring-user-impersonation) | +| Authorization | Drill supports SQL standard-based authorization and storage-based authorization. | [Configuring User Impersonation with Hive Authorization]({{site.baseurl}}/docs/configuring-user-impersonation-with-hive-authorization) | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| diff --git a/_docs/sql-reference/040-operators.md b/_docs/sql-reference/040-operators.md index 9b37b15..a645e10 100644 --- a/_docs/sql-reference/040-operators.md +++ b/_docs/sql-reference/040-operators.md @@ -42,13 +42,15 @@ You can use the LIKE pattern matching operator in your Drill queries. You can use the following math operators in your Drill queries: -**Operator**| **Description** ----|--- -+| Addition --| Subtraction -*| Multiplication -/| Division - +|--------------|-----------------| +| **Operator** | **Description** | +|--------------|-----------------| +| + | Addition | +| - | Subtraction | +| * | Multiplication | +| / | Division | +|--------------|-----------------| + ## Subquery Operators You can use the following subquery operators in your Drill queries: @@ -72,6 +74,7 @@ The concat function treats NULL as an empty string. The concatenate operator (|| The following table shows the precedence of operators in decreasing order: +|--------------------------------------|---------------|-------------------------------------------------------------| | Operator/Element | Associativity | Description | |--------------------------------------|---------------|-------------------------------------------------------------| | . | left | dot notation used, for example, to drill down in a JSON map | @@ -85,7 +88,7 @@ The following table shows the precedence of operators in decreasing order: | IS NOT NULL | | test for not null | | (any other) | left | all other native and user-defined operators | | IN | | set membership | -| BETWEEN | | range containment, includes end points | +| BETWEEN | | range containment, includes end points | | OVERLAPS | | time interval overlap | | LIKE ILIKE SIMILAR TO NOT SIMILAR TO | | string pattern matching | | < > | | less than, greater than | @@ -93,4 +96,4 @@ The following table shows the precedence of operators in decreasing order: | NOT | right | logical negation | | AND | left | logical conjunction | | OR | left | logical disjunction | - +|--------------------------------------|---------------|-------------------------------------------------------------|
