You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lucene.apache.org by ge...@apache.org on 2019/06/30 11:29:34 UTC
[lucene-solr] branch branch_8x updated: Add missing predefined RBAP
perms to ref-guide
This is an automated email from the ASF dual-hosted git repository.
gerlowskija pushed a commit to branch branch_8x
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/branch_8x by this push:
new 60ec073 Add missing predefined RBAP perms to ref-guide
60ec073 is described below
commit 60ec073b273c4cb8ec01e2e0c7fdeced040ec32f
Author: Jason Gerlowski <ge...@apache.org>
AuthorDate: Sun Jun 30 06:35:53 2019 -0400
Add missing predefined RBAP perms to ref-guide
---
.../src/rule-based-authorization-plugin.adoc | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc b/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
index eccc7ec..f237542 100644
--- a/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
+++ b/solr/solr-ref-guide/src/rule-based-authorization-plugin.adoc
@@ -81,9 +81,26 @@ The pre-defined permissions are:
* *schema-edit*: this permission is allowed to edit a collection's schema using the <<schema-api.adoc#schema-api,Schema API>>. Note that this allows schema edit permissions for _all_ collections. If edit permissions should only be applied to specific collections, a custom permission would need to be created.
* *schema-read*: this permission is allowed to read a collection's schema using the <<schema-api.adoc#schema-api,Schema API>>. Note that this allows schema read permissions for _all_ collections. If read permissions should only be applied to specific collections, a custom permission would need to be created.
* *config-edit*: this permission is allowed to edit a collection's configuration using the <<config-api.adoc#config-api,Config API>>, the <<request-parameters-api.adoc#request-parameters-api,Request Parameters API>>, and other APIs which modify `configoverlay.json`. Note that this allows configuration edit permissions for _all_ collections. If edit permissions should only be applied to specific collections, a custom permission would need to be created.
-* *core-admin-read*: Read operations on the core admin API
-* *core-admin-edit*: Core admin commands that can mutate the system state.
* *config-read*: this permission is allowed to read a collection's configuration using the <<config-api.adoc#config-api,Config API>>, the <<request-parameters-api.adoc#request-parameters-api,Request Parameters API>>, and other APIs which modify `configoverlay.json`. Note that this allows configuration read permissions for _all_ collections. If read permissions should only be applied to specific collections, a custom permission would need to be created.
+* *metrics-read*: this permission allows access to Solr's <<metrics-reporting.adoc#metrics-api,Metrics API>>
+* *metrics-history-read*: this permission allows access to Solr's <<metrics-history.adoc#metrics-history-api,Metrics History API>>, which provides long-term history for a select set of key Solr metrics.
+* *autoscaling-read*: this permission allows users to read Solr's <<solrcloud-autoscaling-api.adoc#read-api,autoscaling>> configuration. This covers all read-only autoscaling APIs, including:
+** the "READ" API (`/solr/admin/autoscaling`)
+** the Diagnostics API (`/solr/admin/autoscaling/diagnostics`)
+** the Suggestions API (`/solr/admin/autoscaling/suggestions`)
+** The History API (`/solr/admin/autoscaling/history`)
+* *autoscaling-write*: this permission allows users to make changes to Solr's <<solrcloud-autoscaling-api.adoc#write-api,autoscaling>> configuration. This covers all operations in the autoscaling Write API, including:
+** set-cluster-preferences
+** set-cluster-policy
+** set-policy
+** remove-policy
+** set-trigger
+** remove-trigger
+** set-listener
+** remove-listener
+** set-properties
+* *core-admin-edit*: Core admin commands that can mutate the system state.
+* *core-admin-read*: Read operations on the core admin API
* *collection-admin-edit*: this permission is allowed to edit a collection's configuration using the <<collections-api.adoc#collections-api,Collections API>>. Note that this allows configuration edit permissions for _all_ collections. If edit permissions should only be applied to specific collections, a custom permission would need to be created. Specifically, the following actions of the Collections API would be allowed:
** CREATE
** RELOAD