You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ranger.apache.org by "Alok Lal (JIRA)" <ji...@apache.org> on 2015/08/11 19:41:45 UTC

[jira] [Commented] (RANGER-604) Ranger Solr Authorization should support new actions

    [ https://issues.apache.org/jira/browse/RANGER-604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14682156#comment-14682156 ] 

Alok Lal commented on RANGER-604:
---------------------------------

Noticed a few things:
- based on my reading of SOLR-7838, at least in theory, one implementation of Ranger Solr plugin could be to simply push the updated authorization details to zk ({{authorization.json}}) .
-- Assuming that we can simply map ranger user-groups to solr-auth-roles.
-- This would still keep cluster wide permissions in Ranger for Ranger admin to review.
-- We would piggyback on default solr auth plugin implementation ensuring a lighter, less intrusive touch.
- Cons:
-- Reusing standard Solr auth also means we inherit its problems, if any.
-- Policy manager today never pushes policies.  So this would be a significant change to its model.
-- Auditing is a big piece that'll be missing.
-- Meaning of agents audits would also change.  Instead of denoting when agent contacted policy manager it would have to mean when policy manager pushed changes to ZK.  This can be confusing.
- Not that we do it, in principle, is this possible to do?  And if it were possible would we consider it?  
- Curious as to why Solr Basic Auth has the need to reorder the rules. :(  I mean I don't if it was added in anticipation of future performance problems to give admin's some control or they had reason to add an ability to reorder?

> Ranger Solr Authorization should support new actions
> ----------------------------------------------------
>
>                 Key: RANGER-604
>                 URL: https://issues.apache.org/jira/browse/RANGER-604
>             Project: Ranger
>          Issue Type: Improvement
>            Reporter: Don Bosco Durai
>             Fix For: 0.6.0
>
>
> The Solr community has added new actions as part of https://issues.apache.org/jira/browse/SOLR-7692 JIRA in 5.3+. We should plan to uptake in our next release



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)