Apache Druid

hello. The `/users/&lt;user_id&gt;/credentials` API is specifically used to change the credentials for the specified user. So I think not logging any sensitive information is intentional.

However, an authorized user with the right roles can use the <https://druid.apache.org/docs/latest/development/extensions-core/druid-basic-security.html#coordinator-security-api|user management APIs> to query users and their roles. For example:

```curl -u @creds.json -X GET http://&lt;master_host&gt;:8081/druid-ext/basic-security/authorization/db/MyBasicMetadataAuthorizer/users

curl -u @creds.json -X GET <http://localhost:8081/druid-ext/basic-security/authorization/db/MyBasicMetadataAuthorizer/users/foo>```

Hi <@U041R8S94GY> Thank you, even the user management request like create or delete user is also not logged. Wondering if this is expected.