Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add new documentation site for DataHub (#327)
Showing 102 changed files with 8,252 additions and 3,518 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,58 @@ | ||
**/yarn.lock -diff | ||
*.lock text -diff | ||
package-lock.json text -diff | ||
|
||
# Graphics | ||
*.ai binary | ||
*.bmp binary | ||
*.eps binary | ||
*.gif binary | ||
*.gifv binary | ||
*.ico binary | ||
*.jng binary | ||
*.jp2 binary | ||
*.jpg binary | ||
*.jpeg binary | ||
*.jpx binary | ||
*.jxr binary | ||
*.pdf binary | ||
*.png binary | ||
*.psb binary | ||
*.psd binary | ||
# SVG treated as an asset (binary) by default. | ||
*.svg text | ||
# If you want to treat it as binary, | ||
# use the following line instead. | ||
# *.svg binary | ||
*.svgz binary | ||
*.tif binary | ||
*.tiff binary | ||
*.wbmp binary | ||
*.webp binary | ||
|
||
# Audio | ||
*.kar binary | ||
*.m4a binary | ||
*.mid binary | ||
*.midi binary | ||
*.mp3 binary | ||
*.ogg binary | ||
*.ra binary | ||
|
||
# Video | ||
*.3gpp binary | ||
*.3gp binary | ||
*.as binary | ||
*.asf binary | ||
*.asx binary | ||
*.fla binary | ||
*.flv binary | ||
*.m4v binary | ||
*.mng binary | ||
*.mov binary | ||
*.mp4 binary | ||
*.mpeg binary | ||
*.mpg binary | ||
*.ogv binary | ||
*.swc binary | ||
*.swf binary | ||
*.webm binary |
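Review bot: The first three rules (`**/yarn.lock -diff`, `*.lock text -diff`, `package-lock.json text -diff`) unset the diff attribute on lockfiles, so `git diff` and `git show` report those files only as binary changes, and a changed dependency version or resolved URL no longer appears in a textual review. If the aim is only to quiet noisy diffs, consider leaving lockfiles diffable, or add a comment saying how lockfile changes are meant to be reviewed. Separately, the comment `# SVG treated as an asset (binary) by default.` contradicts the rule directly under it, `*.svg text`; reword the comment to say SVG is treated as text. Under Video, `*.as binary` also marks ActionScript source files as binary.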
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
--- | ||
id: sharing_and_security | ||
title: Sharing & Security | ||
sidebar_label: Sharing & Security | ||
--- | ||
|
||
To understand how security & access restrictions work, let's first go over the core entities of DataHub. They are: | ||
|
||
- Environments | ||
- DataDocs | ||
- Tables & Schemas | ||
- Metastore | ||
- Query Engines | ||
- Query Executions | ||
|
||
All of these entities can be connected to each other as a tree where the environment is the root node. All DataDocs are required to be inside a single environment whereas query engines have many to many relationships with environments. Each query engine can belong to a single metastore, and every metastore is associated with 0 or more tables/schemas. Last, each query execution must belong to a query engine. | ||
|
||
When checking if a user has access to a certain entity in DataHub, DataHub would walk up the tree all the way to environments. Since there are many to many relationships, an entity may be related to multiple environments. If the user can access any one of them, then they can access the entity. | ||
|
||
The granularity of access can be configured further with environment configs. Currently, here are all the options to configure an Environment in DataHub: | ||
|
||
- Public | ||
- Hidden | ||
- Shareable | ||
|
||
A public environment means anyone who has access to the DataHub tool can access this environment. To only allow certain users to access the environment, you need to change the environment to private and add users one by one to the environment ACL. This can be done either in the Admin UI manually or through a dynamic script that runs automatically via the jobs plugin. | ||
|
||
A hidden environment means that the user would not see the environment if they do not have access to it. Sometimes, it is useful to turn that option off to let the user know an environment exists, but they do not have access to it. | ||
|
||
The shareable option is the most complex environment configuration for DataHub. By default, all DataDocs created in an environment is a public DataDoc, so all users who can access that environment can view the DataDoc. Similarly, all users in that environment can access all query executions associated with that environment. The shareable option is on by default as it simplifies the number of operations required to share a DataDoc or a query execution with someone else. If the shareable option is turned off, then all DataDocs created within an environment would be private by default, and query executions can only be viewed by the user who executed it or anyone who has access to the DataDoc that contains the execution. The owner can still invite others to view by either sharing the DataDoc/execution manually. | ||
|
||
:::note | ||
For a public DataDoc, users cannot edit it unless they are invited with edit permission. Furthermore, DataDocs in a shareable environment can still be converted to private so they are not accessible to the public. | ||
::: | ||
|
||
As a footnote, searching for DataDocs' access permission is verified at the environment level, searching for Tables is verified at the metastore level, and searching for users is available to all users on DataHub. Both public/private DataDocs can be searched, but the user would only see search results that they have access to. |
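Review bot: The option list gives Public, Hidden and Shareable, but the Public paragraph tells the reader to "change the environment to private" without saying that this means turning Public off, and only Shareable has its default stated ("on by default"). Since the defaults decide who can see a newly created environment, state the default for Public and Hidden as well, and name the setting an admin actually toggles. In the Shareable paragraph, "by either sharing the DataDoc/execution manually" has an "either" with no second alternative, and "all DataDocs created in an environment is a public DataDoc" should read "are public DataDocs". If it is the intended consequence of "If the user can access any one of them, then they can access the entity", it would also help to say outright that attaching a query engine to a public environment makes its query executions, and the tables reached through its metastore, available to every DataHub user.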