Roles and Privileges
Drill has USER and ADMIN roles. Each role can perform different functions in Drill.
Access in the Drill Web UI differs between users and administrators. Certain pages are exposed based on privilege. For example, only administrators can see the Storage tab and edit a storage plugin configuration.
The following sections describe a few additional differences between a user and an administrator in Drill.
USER Role
- Users can run queries on data to which they have access.
- Users can view and cancel their own queries in the Profiles tab of the Drill Web UI.
- Users can create views on data to provide granular access to that data.NOTEEach data source manages the read/write permissions.
ADMIN Role
- Change system-level options by issuing the ALTER SYSTEM command or through the options tab in the Drill Web UI.
- Update a storage plugin configuration through the REST API or Drill Web UI.
- View the profiles of all queries run by all users.
- Cancel running queries that were launched by any user in the cluster.
- Shut down the Drillbit in the Drill Web UI.
Configuring USER and ADMIN Roles
You can define administrative users through the security.admin.user_groups
and security.admin.users
options.
The default value for admin.users
is the
drill_process_user
. The default value for
admin.user_groups
is drill_process_user_groups
. These
options accept a comma-separated list of users or user groups.
ALTER SYSTEM SET `security.admin.user_groups` = 'drill, %drill_process_user_groups%';
ALTER SYSTEM SET `security.admin.users` = 'user1, %drill_process_user%';
ALTER SYSTEM SET `security.admin.users` = 'user1, user2';