Roles and Privileges

Drill has USER and ADMIN roles. Each role can perform different functions in Drill.

Access in the Drill Web UI differs between users and administrators. Certain pages are exposed based on privilege. For example, only administrators can see the Storage tab and edit a storage plugin configuration.

The following sections describe a few additional differences between a user and an administrator in Drill.


The following list notes the functions that a user can perform in Drill:
  • Users can run queries on data to which they have access.
  • Users can view and cancel their own queries in the Profiles tab of the Drill Web UI.
  • Users can create views on data to provide granular access to that data.
    Note: Each data source manages the read/write permissions.


When authentication is enabled, only Drill users assigned the administrator (ADMIN) role can perform the following tasks:
  • Change system-level options by issuing the ALTER SYSTEM command or through the options tab in the Drill Web UI.
  • Update a storage plugin configuration through the REST API or Drill Web UI.
  • View the profiles of all queries run by all users.
  • Cancel running queries that were launched by any user in the cluster.
  • Shut down the Drillbit in the Drill Web UI.

Configuring USER and ADMIN Roles

You can define administrative users through the security.admin.user_groups and security.admin.users options.

The default value for admin.users is the drill_process_user. The default value for admin.user_groups is drill_process_user_groups. These options accept a comma-separated list of users or user groups.

To edit these options, use the SET command, as shown in the following examples:
ALTER SYSTEM SET `security.admin.user_groups` = 'drill, %drill_process_user_groups%';
ALTER SYSTEM SET `security.admin.users` = 'user1, %drill_process_user%';
ALTER SYSTEM SET `security.admin.users` = 'user1, user2';