Subhashini2610 opened a new issue, #16122:
URL: https://github.com/apache/druid/issues/16122
I am using Druid with BasicMetadataAuthenticator and
BasicMetadataAuthorizer. I have two data sources namely, "sample-data" and
'sample-data-prod". To allow segregated access, 2 roles are created namely,
"sample-data-role" and "sample-data-prod-role" with the below role permissions:
Permissions of sample-data-role:
```
[
{
"resource": {
"name": "sample-data",
"type": "DATASOURCE"
},
"action": "READ"
},
{
"resource": {
"name": "sample-data",
"type": "DATASOURCE"
},
"action": "WRITE"
},
{
"resource": {
"name": "CONFIG",
"type": "CONFIG"
},
"action": "READ"
},
{
"resource": {
"name": "CONFIG",
"type": "CONFIG"
},
"action": "WRITE"
},
{
"resource": {
"name": ".*",
"type": "STATE"
},
"action": "READ"
},
{
"resource": {
"name": ".*",
"type": "STATE"
},
"action": "WRITE"
},
{
"resource": {
"name": ".*",
"type": "QUERY_CONTEXT"
},
"action": "READ"
}
]
```
Permissions of sample-data-prod-role:
```
[
{
"resource": {
"name": "sample-data-prod",
"type": "DATASOURCE"
},
"action": "READ"
},
{
"resource": {
"name": "sample-data-prod",
"type": "DATASOURCE"
},
"action": "WRITE"
},
{
"resource": {
"name": "CONFIG",
"type": "CONFIG"
},
"action": "READ"
},
{
"resource": {
"name": "CONFIG",
"type": "CONFIG"
},
"action": "WRITE"
},
{
"resource": {
"name": ".*",
"type": "STATE"
},
"action": "READ"
},
{
"resource": {
"name": ".*",
"type": "STATE"
},
"action": "WRITE"
},
{
"resource": {
"name": ".*",
"type": "QUERY_CONTEXT"
},
"action": "READ"
}
]
```
I have created two users in the authenticator and authoriser and named them
as "sample-data-user" and "sample-data-prod-user". The corresponding roles are
also assigned to the users. However, the "sample-data-user" is able to access
both the supervisors and the "sample-data-prod" is not able to access any
supervisor.
Somehow, the Druid metadata store cache is pointing to wrong supervisors.
Can I delete the cache? Where exactly does Druid store users/roles/permissions
as they aren't stored in the database. Segregation of access based on data
sources is a must for us. Please help here.
PS: I might have mistakenly assigned one's role to the other initially. But
I have also tried deleting the entire role and creating it afresh again with
the permissions, but in vain.
### Affected Version
Druid v28.0.0
### Description
There are no errors observed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
