drill-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bridg...@apache.org
Subject drill git commit: 1.6 edits
Date Wed, 16 Mar 2016 00:20:52 GMT
Repository: drill
Updated Branches:
  refs/heads/gh-pages 1dfec3806 -> 1112d23a5


1.6 edits


Project: http://git-wip-us.apache.org/repos/asf/drill/repo
Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/1112d23a
Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/1112d23a
Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/1112d23a

Branch: refs/heads/gh-pages
Commit: 1112d23a55697d2d2246ff0a2f75b9bd8ef3c43a
Parents: 1dfec38
Author: Bridget Bevens <bbevens@maprtech.com>
Authored: Tue Mar 15 17:19:14 2016 -0700
Committer: Bridget Bevens <bbevens@maprtech.com>
Committed: Tue Mar 15 17:19:14 2016 -0700

----------------------------------------------------------------------
 .../071-configure-inbound-impersonation.md         |   9 +++++----
 _docs/img/inboundImpersonation.PNG                 | Bin 0 -> 21216 bytes
 .../010-sql-window-functions-introduction.md       |   4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/drill/blob/1112d23a/_docs/configure-drill/071-configure-inbound-impersonation.md
----------------------------------------------------------------------
diff --git a/_docs/configure-drill/071-configure-inbound-impersonation.md b/_docs/configure-drill/071-configure-inbound-impersonation.md
index 3c03d67..11e8a60 100644
--- a/_docs/configure-drill/071-configure-inbound-impersonation.md
+++ b/_docs/configure-drill/071-configure-inbound-impersonation.md
@@ -1,18 +1,19 @@
 ---
 title: "Configuring Inbound Impersonation"
-date: 2016-03-16 00:00:26 UTC
+date: 2016-03-16 00:19:15 UTC
 parent: "Configure Drill"
 ---  
 
 Drill supports [user impersonation]({{site.baseurl}}/docs/configuring-user-impersonation/)
 where queries run as the user that created a connection. However, this user is not necessarily
the end user who submits the queries. For example, in a classic three-tier architecture, the
end user interacts with Tableau Desktop, which communicates with a Tableau Server, which in
turn communicates with a Drill cluster. In this scenario, a proxy user creates a connection,
and the queries are submitted to Drill by the proxy user on behalf of the end user, and not
by the end user directly. In this particular case, the query runs as the end user.  
 
+As of Drill 1.6, an administrator can define inbound impersonation policies to impersonate
the end user. Impersonating the end user is a natural extension of Drill’s impersonation
model and accounts for one more [user hop in the chain]({{site.baseurl}}/docs/configuring-user-impersonation/#chained-impersonation).
This additional hop requires authorization, meaning that the proxy user needs to be authorized
to submit queries on behalf of the specified end user. Otherwise, any user can impersonate
another user. Then, the query runs as the end user, and data authorization is based on this
user’s access permissions. Note that without [authentication]({{site.baseurl}}/docs/configuring-user-authentication/)
enabled in both communication channels, a user can impersonate any other user.
+
+Drill trusts proxy users to provide the correct end user identity information. Drill does
not authenticate the end user. The proxy user (application) is responsible for end user authentication,
which is usually enabled.
+
 ![]({{ site.baseurl }}/docs/img/inboundImpersonation.PNG)  
 
 This image shows how identity is propagated through various layers (with authentication enabled).
The flow on the left is Drill with user impersonation enabled, and the flow on the right is
Drill with inbound impersonation enabled. `t:euser` is a property on the connection (`u` is
`username`, `p`is `password`, `t` is `impersonation_target`).  
 
-As of Drill 1.6, an administrator can define inbound impersonation policies to impersonate
the end user. Impersonating the end user is a natural extension of Drill’s impersonation
model and accounts for one more [user hop in the chain]({{site.baseurl}}/docs/configuring-user-impersonation/#chained-impersonation).
This additional hop requires authorization, meaning that the proxy user needs to be authorized
to submit queries on behalf of the specified end user. Otherwise, any user can impersonate
another user. Then, the query runs as the end user, and data authorization is based on this
user’s access permissions. Note that without [authentication]({{site.baseurl}}/docs/configuring-user-authentication/)
enabled in both communication channels, a user can impersonate any other user.
-
-Drill trusts proxy users to provide the correct end user identity information. Drill does
not authenticate the end user. The proxy user (application) is responsible for end user authentication,
which is usually enabled.
 
 ##Configuring Inbound Impersonation
 You must be an administrator to configure inbound impersonation. You can define administrative
users through the `security.admin.user_groups` and `security.admin.users` options. See [Configuration
Options]({{site.baseurl}}/docs/configuration-options-introduction/#system-options). 

http://git-wip-us.apache.org/repos/asf/drill/blob/1112d23a/_docs/img/inboundImpersonation.PNG
----------------------------------------------------------------------
diff --git a/_docs/img/inboundImpersonation.PNG b/_docs/img/inboundImpersonation.PNG
new file mode 100644
index 0000000..e87cb48
Binary files /dev/null and b/_docs/img/inboundImpersonation.PNG differ

http://git-wip-us.apache.org/repos/asf/drill/blob/1112d23a/_docs/sql-reference/sql-window-functions/010-sql-window-functions-introduction.md
----------------------------------------------------------------------
diff --git a/_docs/sql-reference/sql-window-functions/010-sql-window-functions-introduction.md
b/_docs/sql-reference/sql-window-functions/010-sql-window-functions-introduction.md
index 8ca7f82..38d76ea 100644
--- a/_docs/sql-reference/sql-window-functions/010-sql-window-functions-introduction.md
+++ b/_docs/sql-reference/sql-window-functions/010-sql-window-functions-introduction.md
@@ -1,6 +1,6 @@
 ---
 title: "SQL Window Functions Introduction"
-date: 2016-03-16 00:00:27 UTC
+date: 2016-03-16 00:19:15 UTC
 parent: "SQL Window Functions"
 ---
 
@@ -147,7 +147,7 @@ and *frame_end* is one of the following choices:
        CURRENT ROW  
        UNBOUNDED FOLLOWING  
 
-{% include startnote.html %}The *frame_end* choice cannot appear earlier than the *frame_start*
choice and defaults to CURRENT ROW if not explicitly included.{% include endnote.html %}
+{% include startnote.html %}The *frame\_end* choice cannot appear earlier than the *frame\_start*
choice and defaults to CURRENT ROW if not explicitly included.{% include endnote.html %}
 
 
 ## Arguments  


Mime
View raw message