kfaraz commented on a change in pull request #11785:
URL: https://github.com/apache/druid/pull/11785#discussion_r725217810
##########
File path: docs/operations/security-user-auth.md
##########
@@ -50,6 +50,11 @@ In practice, most deployments will only need to define two
classes of users:
It is important to note that WRITE access to DATASOURCE grants a user broad
access. For instance, such users will have access to the Druid file system, S3
buckets, and credentials, among other things. As such, the ability to add and
manage datasources should be allocated selectively to administrators.
+> Note: `WRITE` permission on a resource does not include `READ` permission as
well.
+> For instance, a `DATASOURCE READ`-only user might be able to access an API
or a
+> system schema record that a `DATASOURCE WRITE`-only user would not have
access to.
+> If a user needs to have both `READ` and `WRITE` permissions on a resource,
+> grant them both explicitly.
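Review bot: The added note comes directly after the paragraph warning that WRITE access to DATASOURCE "grants a user broad access", so a reader may be unsure how the two statements fit together. Consider adding one sentence saying that each action is authorized separately, so that the note is not read as narrowing the warning above it. In the first added line, "as well" is redundant after "does not include" and can be dropped. The example ("an API or a system schema record") would be more useful if it named one concrete endpoint or system table that a READ-only user can reach and a WRITE-only user cannot.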
Review comment:
Thanks for the review, @techdocsmith! Committed your suggestion with
a slight modification.