techdocsmith commented on a change in pull request #11720:
URL: https://github.com/apache/druid/pull/11720#discussion_r711342731
##########
File path: docs/operations/security-user-auth.md
##########
@@ -29,11 +29,12 @@ This document describes the Druid security model that
extensions use to enable u
At the center of the Druid user authentication and authorization model are
_resources_ and _actions_. A resource is something that authenticated users are
trying to access or modify. An action is something that users are trying to do.
-There are three resource types:
+There are four resource types:
Review comment:
```suggestion
Druid uses the following resource types:
```
Avoid a specific number.
##########
File path: docs/configuration/index.md
##########
@@ -1763,6 +1763,7 @@ The Druid SQL server is configured through the following
properties on the Broke
|`druid.sql.planner.sqlTimeZone`|Sets the default time zone for the server,
which will affect how time functions and timestamp literals behave. Should be a
time zone name like "America/Los_Angeles" or offset like "-08:00".|UTC|
|`druid.sql.planner.metadataSegmentCacheEnable`|Whether to keep a cache of
published segments in broker. If true, broker polls coordinator in background
to get segments from metadata store and maintains a local cache. If false,
coordinator's REST API will be invoked when broker needs published segments
info.|false|
|`druid.sql.planner.metadataSegmentPollPeriod`|How often to poll coordinator
for published segments list if `druid.sql.planner.metadataSegmentCacheEnable`
is set to true. Poll period is in milliseconds. |60000|
+|`druid.sql.planner.authorizeSystemTablesDirectly`|If true, queries against
any of the system schema tables (`sys` in SQL) will be authorized as
`SYSTEM_TABLE` resources which require `READ` access, on top of their current
permissions based filtering.|false|
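Review bot: The new `druid.sql.planner.authorizeSystemTablesDirectly` row does not say what a user without `READ` on `SYSTEM_TABLE` gets back once the flag is true, and "on top of their current permissions based filtering" leaves it unclear what "their" refers to. Suggest stating that the `SYSTEM_TABLE` check applies in addition to the existing filtering, describing the outcome of a failed check, and noting that roles which query `sys` need the `READ` grant before the flag is switched from its default of false. A pointer to security-user-auth.md, where this change describes the resource type, would let operators find it from the property table.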
Review comment:
```suggestion
|`druid.sql.planner.authorizeSystemTablesDirectly`|If true, Druid authorizes
queries against any of the system schema tables (`sys` in SQL) as
`SYSTEM_TABLE` resources which require `READ` access, in addition to
permissions based filtering.|false|
```
##########
File path: docs/operations/security-user-auth.md
##########
@@ -29,11 +29,12 @@ This document describes the Druid security model that
extensions use to enable u
At the center of the Druid user authentication and authorization model are
_resources_ and _actions_. A resource is something that authenticated users are
trying to access or modify. An action is something that users are trying to do.
-There are three resource types:
+There are four resource types:
* DATASOURCE – Each Druid table (i.e., `tables` in the `druid` schema in
SQL) is a resource.
* CONFIG – Configuration resources exposed by the cluster components.
* STATE – Cluster-wide state resources.
+* SYSTEM_TABLE – if `druid.sql.planner.authorizeSystemTablesDirectly` is
enabled, then system tables (the `sys` schema in SQL) are authorized as this
type of resource.
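Review bot: The added SYSTEM_TABLE bullet leaves out both the required action and the default. The configuration/index.md row in this same change says the resource requires `READ` and that the property defaults to false, so a reader of this page alone cannot tell that `sys` tables are not authorized as SYSTEM_TABLE unless the flag is turned on. Suggest naming `READ` in the bullet and stating that the flag is disabled by default. The bullet also opens with lowercase "if" while the three bullets above it open with a capital.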
Review comment:
```suggestion
* SYSTEM_TABLE – if `druid.sql.planner.authorizeSystemTablesDirectly`
is enabled, then Druid authorizes system tables,`sys` schema in SQL, using this
resource type.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.