bitblender commented on a change in pull request #1467: DRILL-5671: Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster URL: https://github.com/apache/drill/pull/1467#discussion_r232045631
########## File path: distribution/src/resources/drill-override-example.conf ########## @@ -72,6 +72,22 @@ drill.exec: { count: 7200, delay: 500 } + # This option controls whether Drill specifies ACLs when it creates znodes. + # If this is 'false', then anyone has all privileges for all Drill znodes. + # This corresponds to ZOO_OPEN_ACL_UNSAFE. + # Setting this flag to 'true' enables the provider specified in "acl_provider" + apply_secure_acl: false, + + # This option specified the ACL provider to be used by Drill. + # Custom ACL providers can be provided in the Drillbit classpath and Drill can be made to pick them + # by changing this option. + # Note: This option has no effect if "apply_secure_acl" is 'false' + # + # The default "creator-all" will setup ACLs such that + # - Only the Drillbit user will have all privileges(create, delete, read, write, admin). Same as ZOO_CREATOR_ALL_ACL + # - Other users will only be able to read the cluster-discovery(list of Drillbits in the cluster) znodes. + # + acl_provider: "creator-all" Review comment: "open" is basically a provider that is internally used when "apply_secure_acl" is 'false'. I did not mention "open" because it can cause confusion when seen along with the "apply_secure_acl" flag. It could lead to a situation where the users set "apply_secure_acl" = 'true' and also inadvertently set the provider to "open", leading them to falsely believe that they are getting secure ACLs because apply_secure_acl is true. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
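Review bot: The comment block above acl_provider names only the default "creator-all" and never says what string selects a custom provider or what happens when the value matches no known provider. A reader cannot tell from these lines whether a mistyped name fails at startup or leaves the znodes without the expected ACLs, so the comment should state both. The first comment block already says that apply_secure_acl: false gives anyone all privileges on all Drill znodes. Because false is the value shipped in this example file, that block should also say plainly that a secure cluster needs it set to 'true'. Two wording nits in the added lines: "This option specified the ACL provider" should read "This option specifies the ACL provider", and "will setup ACLs" should read "will set up ACLs".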