This is an automated email from the ASF dual-hosted git repository.
weichiu pushed a commit to branch HDDS-9225-website-v2
in repository https://gitbox.apache.org/repos/asf/ozone-site.git
The following commit(s) were added to refs/heads/HDDS-9225-website-v2 by this
push:
new a099190ad HDDS-2091. Document the who are administrators Under Ozone.
(#254)
a099190ad is described below
commit a099190ade2b6cc7a1eb957c7e5d9145c654a719
Author: Wei-Chiu Chuang <[email protected]>
AuthorDate: Fri Jan 23 18:21:53 2026 -0800
HDDS-2091. Document the who are administrators Under Ozone. (#254)
---
.../03-security/01-administrators.md | 40 ++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git
a/docs/05-administrator-guide/02-configuration/03-security/01-administrators.md
b/docs/05-administrator-guide/02-configuration/03-security/01-administrators.md
index 8d7be2145..cf0841e05 100644
---
a/docs/05-administrator-guide/02-configuration/03-security/01-administrators.md
+++
b/docs/05-administrator-guide/02-configuration/03-security/01-administrators.md
@@ -4,6 +4,42 @@ sidebar_label: Administrators
# Configuring Ozone Administrators
-**TODO:** File a subtask under
[HDDS-9859](https://issues.apache.org/jira/browse/HDDS-9859) and complete this
page or section.
+Ozone identifies administrators through specific configuration properties,
allowing for fine-grained control over administrative access. These properties
define users and groups with elevated privileges, or read-only administrative
access.
-Ozone has many configurations for administrators. Document their default
values, and usage of Ozone admin users and groups, Recon admin users and
groups, and S3 admin user and groups.
+## Core Ozone Administrators
+
+These properties define the primary administrators for the Ozone cluster.
+
+| Property Name | Description | Default Value |
+|---|---|---|
+| `ozone.administrators` | Comma-separated list of user names who are
considered Ozone administrators. If this property is not explicitly set, the
user who launches an Ozone service will be automatically designated as the
initial administrator. | (empty) |
+| `ozone.administrators.groups` | Comma-separated list of group names whose
members are considered Ozone administrators. Users belonging to any of these
groups will have administrative access. | (empty) |
+
+## Read-Only Ozone Administrators
+
+These properties define users and groups with read-only administrative access,
allowing them to perform read operations without standard access checks.
+
+| Property Name | Description | Default Value |
+|---|---|---|
+| `ozone.readonly.administrators` | Comma-separated list of user names who
have read-only administrative access. These users can perform read operations
without undergoing regular access checks. | (empty) |
+| `ozone.readonly.administrators.groups` | Comma-separated list of group names
whose members have read-only administrative access. Users in these groups can
perform read operations bypassing normal access controls. | (empty) |
+
+## S3-Specific Administrators
+
+These properties define administrators with privileges specific to the S3
Gateway interface.
+
+| Property Name | Description | Default Value |
+|---|---|---|
+| `ozone.s3.administrators` | Comma-separated list of user names who have
S3-specific administrative access. These users can access admin-only
information from the S3 Gateway. If this property is empty, users defined in
`ozone.administrators` will automatically have S3 administrative privileges. |
(empty) |
+| `ozone.s3.administrators.groups` | Comma-separated list of group names whose
members have S3-specific administrative access. Members of these groups can
access admin-only information from the S3 Gateway. | (empty) |
+
+## Recon Administrators
+
+These properties define administrators for the Recon service, which provides
monitoring and management capabilities for the Ozone cluster.
+
+| Property Name | Description | Default Value |
+|---|---|---|
+| `ozone.recon.administrators` | Comma-separated list of user names who are
Recon administrators. These users can access admin-only information from Recon.
Note that users defined in `ozone.administrators` will always have access to
all Recon information regardless of this setting. | (empty) |
+| `ozone.recon.administrators.groups` | Comma-separated list of group names
whose members are Recon administrators. Users in these groups can access
admin-only information from Recon. | (empty) |
+
+It is enough for a user to be defined in `ozone.administrators` or be directly
or indirectly in a group defined in `ozone.administrators.groups` to have full
administrative access across Ozone services.
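Review bot: The `ozone.s3.administrators` row and the closing paragraph disagree about fallback. The row grants S3 administrative privileges to users in `ozone.administrators` only "If this property is empty", which implies they lose them once the property is set, while the closing paragraph says membership in `ozone.administrators` or `ozone.administrators.groups` is enough for "full administrative access across Ozone services", and the Recon row says such users "will always have access". Please state which behaviour holds for the S3 Gateway when `ozone.s3.administrators` is non-empty, and whether `ozone.s3.administrators.groups` falls back to `ozone.administrators.groups` in the same way. Two smaller points: the `ozone.administrators` row lists its default as "(empty)" while describing an effective default of the user who launches the service, so the Default Value cell could say so; and the read-only section should spell out the scope of "without standard access checks" (which operations, on which objects), since operators will grant this role based on the table alone.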