[jira] [Comment Edited] (DRILL-3622) With user authentication enabled, only admin users should be able to change system options

Venki Korukanti (JIRA) Fri, 28 Aug 2015 09:40:06 -0700

    [ 
https://issues.apache.org/jira/browse/DRILL-3622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14720120#comment-14720120
 ]


Venki Korukanti edited comment on DRILL-3622 at 8/28/15 4:38 PM:
-----------------------------------------------------------------

First part is define who is considered an admin user.

Proposal is to add two new options:

*security.admin.users*: a comma separated list of admin usernames
*security.admin.user_groups*: a comma separated list of admin usergroups.

User who is connected to Drillbit (through JDBC/ODBC/WebUI) is considered an 
*admin* user if the user:
 * is part of the *security.admin.users*
 * belongs to a group which is in list *security.admin.user_groups* or
 * is same as the user who is running the Drillbit

Theses options can be:
 * BOOT scoped, but BOOT options are too restrictive and needs to set on all 
nodes and any change requires restart of the cluster. 
  * SYSTEM scoped, so any admin user should be able to update them without the 
cluster restart. Problem is one admin user can delete other admins from the 
list. 



was (Author: vkorukanti):
First part is define who is considered an admin user.

Proposal is to add two new system scoped options:

*security.admin.users*: a comma separated list of admin usernames
*security.admin.user_groups*: a comma separated list of admin usergroups.

User who is connected to Drillbit (through JDBC/ODBC/WebUI) is considered an 
*admin* user if the user:
 * is part of the *security.admin.users*
 * belongs to a group which is in list *security.admin.user_groups* or
 * is same as the user who is running the Drillbit

Other option is make the above two settings as BOOT, but BOOT options are too 
restrictive and needs to set on all nodes and any change requires restart of 
the cluster. Making them as SYSTEM scoped option, any admin user should be able 
to update them.

> With user authentication enabled, only admin users should be able to change 
> system options
> ------------------------------------------------------------------------------------------
>
>                 Key: DRILL-3622
>                 URL: https://issues.apache.org/jira/browse/DRILL-3622
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Execution - Flow
>            Reporter: Sudheesh Katkam
>            Assignee: Chris Westin
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Comment Edited] (DRILL-3622) With user authentication enabled, only admin users should be able to change system options

Reply via email to