You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@druid.apache.org by te...@apache.org on 2023/05/19 21:56:31 UTC

[druid] branch master updated: docs: add line about write datasource perm for overlord api (#14114)

This is an automated email from the ASF dual-hosted git repository.

techdocsmith pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new 9faf9ecf20 docs: add line about write datasource perm for overlord api (#14114)
9faf9ecf20 is described below

commit 9faf9ecf2081422bd2e8f46d795a1a2a01bfa7a7
Author: 317brian <53...@users.noreply.github.com>
AuthorDate: Fri May 19 14:56:24 2023 -0700

    docs: add line about write datasource perm for overlord api (#14114)
    
    Co-authored-by: Katya Macedo  <38...@users.noreply.github.com>
---
 docs/multi-stage-query/security.md | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/docs/multi-stage-query/security.md b/docs/multi-stage-query/security.md
index dcbb68f545..9a9e02b0ea 100644
--- a/docs/multi-stage-query/security.md
+++ b/docs/multi-stage-query/security.md
@@ -43,12 +43,18 @@ To submit a query:
 Once a query is submitted, it executes as a [`query_controller`](concepts.md#execution-flow) task. Query tasks that
 users submit to the MSQ task engine are Overlord tasks, so they follow the Overlord's security model. This means that
 users with access to the Overlord API can perform some actions even if they didn't submit the query, including
-retrieving status or canceling a query. For more information about the Overlord API and the task API, see [APIs for SQL-based ingestion](../api-reference/sql-ingestion-api.md).
+retrieving status or canceling a query. For more information about the Overlord API and the task API, see [APIs for
+SQL-based ingestion](../api-reference/sql-ingestion-api.md). 
+
+> Keep in mind that any user with access to Overlord APIs can submit `query_controller` tasks with only the WRITE DATASOURCE permission.
+
+Depending on what a user is trying to do, they might also need the following permissions:
+
+- `INSERT` or `REPLACE` queries: Users must have DATASOURCE READ permission on the output datasource.
+- `SELECT` queries: Users must have READ permission on the `__query_select` datasource, which is a stub datasource that gets created.
+  
 
-To interact with a query through the Overlord API, users need the following permissions:
 
-- `INSERT` or `REPLACE` queries: Users must have READ DATASOURCE permission on the output datasource.
-- `SELECT` queries: Users must have read permissions on the `__query_select` datasource, which is a stub datasource that gets created.
 
 ## S3
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org