From 978b494b465f346b5d89ffb792321d699eb626f1 Mon Sep 17 00:00:00 2001
From: sthetland <steve.hetland@imply.io>
Date: Tue, 23 Jun 2020 17:39:48 -0700
Subject: [PATCH] Druid user permissions (#10047)

* Druid user permissions apply in the console

* Update index.md

* noting user warning in console page; some minor shuffling

* noting user warning in console page; some minor shuffling 1

* touchups

* link checking fixes

* Updated per suggestions
---
 docs/design/processes.md          |  2 +-
 docs/design/router.md             |  4 ++--
 docs/operations/druid-console.md  |  9 +++++++--
 docs/operations/management-uis.md | 21 +++------------------
 docs/tutorials/index.md           |  4 ++++
 website/i18n/en.json              |  2 +-
 website/sidebars.json             |  6 +++---
 7 files changed, 21 insertions(+), 27 deletions(-)

diff --git a/docs/design/processes.md b/docs/design/processes.md
index bbcd917145d..4c1e46a46a7 100644
--- a/docs/design/processes.md
+++ b/docs/design/processes.md
@@ -78,7 +78,7 @@ caller. End users typically query Brokers rather than querying Historicals or Mi
 Overlords, and Coordinators. They are optional since you can also simply contact the Druid Brokers, Overlords, and
 Coordinators directly.
 
-The Router also runs the [Druid Console](../operations/management-uis.html#druid-console), a management UI for datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. The user can also run SQL and native Druid queries within the console.
+The Router also runs the [Druid Console](../operations/druid-console.md), a management UI for datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. The user can also run SQL and native Druid queries within the console.
 
 ### Data server
 
diff --git a/docs/design/router.md b/docs/design/router.md
index c5f73084a87..cc037e229da 100644
--- a/docs/design/router.md
+++ b/docs/design/router.md
@@ -24,13 +24,13 @@ title: "Router Process"
 
 
 > The Router is an optional and [experimental](../development/experimental.md) feature due to the fact that its recommended place in the Druid cluster architecture is still evolving.
-> However, it has been battle-tested in production, and it hosts the powerful [Druid Console](../operations/management-uis.html#druid-console), so you should feel safe deploying it.
+> However, it has been battle-tested in production, and it hosts the powerful [Druid Console](../operations/druid-console.md), so you should feel safe deploying it.
 
 The Apache Druid Router process can be used to route queries to different Broker processes. By default, the broker routes queries based on how [Rules](../operations/rule-configuration.md) are set up. For example, if 1 month of recent data is loaded into a `hot` cluster, queries that fall within the recent month can be routed to a dedicated set of brokers. Queries outside this range are routed to another set of brokers. This set up provides query isolation such that queries for more important data are not impacted by queries for less important data.
 
 For query routing purposes, you should only ever need the Router process if you have a Druid cluster well into the terabyte range.
 
-In addition to query routing, the Router also runs the [Druid Console](../operations/management-uis.html#druid-console), a management UI for datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. The user can also run SQL and native Druid queries within the console.
+In addition to query routing, the Router also runs the [Druid Console](../operations/druid-console.md), a management UI for datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. The user can also run SQL and native Druid queries within the console.
 
 ### Configuration
 
diff --git a/docs/operations/druid-console.md b/docs/operations/druid-console.md
index 24856e7afdd..2bda0e92250 100644
--- a/docs/operations/druid-console.md
+++ b/docs/operations/druid-console.md
@@ -22,20 +22,25 @@ title: "Web console"
   ~ under the License.
   -->
 
+Druid include a console for managing datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. Users can also run SQL and native Druid queries in the console.
 
 The Druid Console is hosted by the [Router](../design/router.md) process.
 
-In addition, the following cluster settings must be enabled:
+The following cluster settings must be enabled, as they are by default:
 
 - the Router's [management proxy](../design/router.html#enabling-the-management-proxy) must be enabled.
 - the Broker processes in the cluster must have [Druid SQL](../querying/sql.md) enabled.
 
-After enabling Druid SQL on the Brokers and deploying a Router with the management proxy enabled, the Druid console can be accessed at:
+The Druid console can be accessed at:
 
 ```
 http://<ROUTER_IP>:<ROUTER_PORT>
 ```
 
+> It is important to note that any Druid console user will have, effectively, the same file permissions as the user under which Druid runs. One way these permissions are surfaced is in the file browser dialog. The dialog
+will show console users the files that the underlying user has permissions to. In general, avoid running Druid as 
+root user. Consider creating a dedicated user account for running Druid.
+
 Below is a description of the high-level features and functionality of the Druid Console
 
 ## Home
diff --git a/docs/operations/management-uis.md b/docs/operations/management-uis.md
index bb3e80bf5e8..2b1d2347035 100644
--- a/docs/operations/management-uis.md
+++ b/docs/operations/management-uis.md
@@ -1,6 +1,6 @@
 ---
 id: management-uis
-title: "Management UIs"
+title: "Legacy Management UIs"
 ---
 
 <!--
@@ -23,29 +23,14 @@ title: "Management UIs"
   -->
 
 
-## Druid console
+## Legacy consoles
 
 Druid provides a console for managing datasources, segments, tasks, data processes (Historicals and MiddleManagers), and coordinator dynamic configuration. The user can also run SQL and native Druid queries within the console.
 
-The Druid Console is hosted by the [Router](../design/router.md) process. We recommend running the Router process on your [Query server](../design/processes.md).
-
-In addition, the following cluster settings must be enabled:
-
-- the Router's [management proxy](../design/router.html#enabling-the-management-proxy) must be enabled.
-- the Broker processes in the cluster must have [Druid SQL](../querying/sql.md) enabled.
-
-After enabling Druid SQL on the Brokers and deploying a Router with the management proxy enabled, the Druid console can be accessed at:
-
-```
-http://<ROUTER_IP>:<ROUTER_PORT>
-```
+For more information on the Druid Console, have a look at the [Druid Console overview](./druid-console.md)
 
 The Druid Console contains all of the functionality provided by the older consoles described below, which are still available if needed. The legacy consoles may be replaced by the Druid Console in the future.
 
-For more information on the features of the Druid Console have a look at the [Druid Console overview](./druid-console.md)
-
-## Legacy consoles
-
 These older consoles provide a subset of the functionality of the Druid Console. We recommend using the Druid Console if possible.
 
 ### Coordinator consoles
diff --git a/docs/tutorials/index.md b/docs/tutorials/index.md
index 2ee1b42eeb6..5c8bdd422ca 100644
--- a/docs/tutorials/index.md
+++ b/docs/tutorials/index.md
@@ -54,6 +54,10 @@ The software requirements for the installation machine are:
 `DRUID_JAVA_HOME` if there is more than one instance of Java. To verify Java requirements for your environment, run the 
 `bin/verify-java` script.
 
+Before installing a production Druid instance, be sure to consider the user account on the operating system under 
+which Druid will run. This is important because any Druid console user will have, effectively, the same permissions as 
+that user. So, for example, the file browser UI will show console users the files that the underlying user can 
+access. In general, avoid running Druid as root user. Consider creating a dedicated user account for running Druid.   
 
 ## Step 1. Install Druid
 
diff --git a/website/i18n/en.json b/website/i18n/en.json
index 9561136a5e5..6c40a615708 100644
--- a/website/i18n/en.json
+++ b/website/i18n/en.json
@@ -334,7 +334,7 @@
         "title": "kubernetes"
       },
       "operations/management-uis": {
-        "title": "Management UIs"
+        "title": "Legacy Management UIs"
       },
       "operations/metadata-migration": {
         "title": "Metadata Migration"
diff --git a/website/sidebars.json b/website/sidebars.json
index da8a7345841..019f8eeef89 100644
--- a/website/sidebars.json
+++ b/website/sidebars.json
@@ -111,7 +111,8 @@
       "configuration/logging"
     ],
     "Operations": [
-      "operations/management-uis",
+      "operations/druid-console",
+      "operations/getting-started",
       "operations/basic-cluster-tuning",
       "operations/api-reference",
       "operations/high-availability",
@@ -131,10 +132,9 @@
         "type": "subcategory",
         "label": "Misc",
         "ids": [
+          "operations/management-uis",
           "operations/deep-storage-migration",
-          "operations/druid-console",
           "operations/export-metadata",
-          "operations/getting-started",
           "operations/metadata-migration",
           "operations/segment-optimization",
           "operations/use_sbt_to_build_fat_jar"