2bethere commented on a change in pull request #11016:
URL: https://github.com/apache/druid/pull/11016#discussion_r600874102



##########
File path: docs/operations/security-overview.md
##########
@@ -264,3 +318,29 @@ As an alternative to using the basic metadata 
authenticator, as shown in the pre
 
 
 Congratulations, you have configured permissions for user-assigned roles in 
Druid!
+
+
+## Druid security trust model
+Like all other security systems, trust is the foundation of the Druid security 
model. Druid administrators and read-only users are trusted users. Therefore, 
they are not expected to act maliciously.
+
+
+Based on this expectation, Druid operates according to the following 
principles:
+
+From the inner most layer:
+1. Druid processes run within the system user context. They have access to the 
local files granted to the specified system user.
+2. The Druid ingestion system can create new processes to execute tasks. Those 
tasks inherit the user of their parent process. This means that any user 
authorized to submit an ingestion task can use the ingestion task permissions 
to read or write any local files that the Druid process has access to.
+
+> Note: Only grant the permission to submit ingestion tasks to trusted users 
because they can read and write to local file system.
+
+Within the cluster:
+1. Druid assumes it operates on an isolated, protected network where no 
reachable IP within the network is under adversary control. It is the 
responsibility of system implementers to setup firewalls and other methods of 
protection.
+2. Druid supports TLS encryption for network traffic, including API calls and 
data transfers.
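Review bot: In item 2 of the "Within the cluster" list, "Druid supports TLS encryption for network traffic" does not say whether TLS is enabled by default or has to be configured by the operator, so a reader cannot tell whether traffic is actually protected or only can be. Item 1 already places firewalls on the system implementer, so I would state who is responsible for TLS in the same way and point to the TLS configuration page. Smaller wording points in the same hunk: "inner most" should be "innermost", "to setup firewalls" should be "to set up firewalls", and the note should read "to the local file system". The opening sentence "Like all other security systems, trust is the foundation" has a dangling modifier; "As in all security systems, trust is the foundation" reads more cleanly.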

Review comment:
       Any suggestions on how we describe that the network traffic is protected?



